The National Cyber Security Centre (NCSC) has handled an average of four ‘nationally significant’ cyber attacks every week in the year to September.
In its latest Annual Review, the UK’s cyber agency, a part of GCHQ, has revealed that the cyber threats facing the UK continue to escalate. The NCSC dealt with 204 ‘nationally significant’ cyber attacks against the UK in the 12 months to August 2025 – a sharp rise from 89 in the previous year.
Of a total of 429 incidents handled, 18 were categorised as ‘highly significant’, meaning that they had the potential to have a serious impact on essential services. This marks an almost 50% increase on incidents of this second-highest level categorisation compared with the previous year, and an increase for the third year running.
A substantial proportion of all incidents handled by the NCSC last year were linked to Advanced Persistent Threat (APT) actors – either nation-state actors or highly capable criminal groups.
“Cyber security is now a matter of business survival and national resilience,” Dr Richard Horne, Chief Executive of the NCSC, said. “With over half the incidents handled by the NCSC deemed to be nationally significant and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.
“The best way to defend against these attacks is for organisations to make themselves as hard a target as possible.
“That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.
In response to the rising threat and in the wake of high-profile cyber incidents, the government has written to chief executives and chairs of leading businesses – including all FTSE350 companies – highlighting the importance of government and business working hand in hand to protect the UK economy and make cyber resilience a Board-level responsibility.
The NCSC works around the clock to counter cyber threats and bolster the UK’s digital resilience. Supporting organisations to strengthen their defences is part of the government’s plan to deliver national renewal focused on security, opportunity and respect.
Nationally significant incidents have a substantial impact on the UK’s national security, economy or critical infrastructure, including threats to essential services, sensitive data, or key government functions.
Highly significant incidents represent an even more serious threat, often requiring a coordinated cross-government response due to their potential to cause widespread disruption or long-term damage to national interests.
Today, the NCSC has also launched a new resource for small organisations to help them implement foundational controls. The Cyber Action Toolkit is designed to help sole traders and small organisations put in place some of the basic cyber security measures that help guard against the most common cyber threats.
Businesses are also urged to implement Cyber Essentials, which helps organisations guard against the most common cyber attacks. The certification scheme includes automatic cyber liability insurance for any UK organisation who certifies their whole organisation and has less than £20m annual turnover.
To read the full review, click here.
To read more NCSC news, click here.
