Brian Sims
Editor

UK experiencing four ‘nationally significant’ cyber attacks every week

THE NATIONAL Cyber Security Centre (NCSC) has handled an average of four ‘nationally significant’ cyber attacks every week in the year to September. In its latest Annual Review, the UK’s cyber agency – itself part of GCHQ – has revealed that the cyber threats facing the UK continue to escalate.

The NCSC dealt with 204 ‘nationally significant’ cyber attacks perpetrated against the UK in the 12 months leading up to August this year. That’s a sharp rise from the 89 attack episodes recorded in the previous year.

Of the total of 429 incidents that have been handled, 18 were categorised as ‘highly significant’, meaning that they had the potential to exert a serious impact on essential services. This marks an almost 50% increase on incidents of this second-highest level categorisation when compared with the previous year (and an increase for the third year in succession).

A substantial proportion of all incidents handled by the NCSC last year were linked to Advanced Persistent Threat actors. The focus here is on either nation-state actors or highly capable criminal groups.

Business survival  

Dr Richard Horne, CEO of the NCSC, stated: “Cyber security is now a matter of business survival and national resilience. With over half of the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.”

Horne continued: “The best way to defend against these attacks is for organisations to make themselves as hard a target as possible. That demands urgency from every business leader. Hesitation is a vulnerability. The future of their businesses depends on the action they take today. The time to act is now.”

In response to the rising threat and in the wake of high-profile cyber incidents, the Government has written to CEOs and chairs of leading businesses (including all FTSE350 companies) highlighting the importance of Government and business working hand-in-hand to protect the UK’s economy and make cyber resilience a Board-level responsibility.

The NCSC works around the clock to counter cyber threats and bolster the UK’s digital resilience. Supporting organisations to strengthen their defences is part of the Government’s plan to deliver national renewal focused on security, opportunity and respect.  

Nationally significant incidents have a substantial impact on the UK’s national security, economy or critical infrastructure, including threats to essential services, sensitive data or key Government functions.  

Highly significant incidents represent an even more serious threat, often requiring a co-ordinated cross-Government response due to their potential for causing widespread disruption or long-term damage to national interests.

New resource

The NCSC has launched a new resource for smaller organisations to help them implement foundational controls. The Cyber Action Toolkit is purpose-designed to help sole traders and small organisations put in place some of the basic cyber security measures that help guard against the most common cyber threats.

Recent figures show that 42% of small businesses reported cyber breaches in 2024, while 35% of micro businesses faced phishing attacks. Despite this threat, many smaller businesses struggle to know where to start with achieving cyber protection against the most common threats.

The toolkit personalises recommendations based on specific business needs, focusing on high-impact, low-effort actions in the first instance. Users progress through the Foundation, Improver and Enhanced levels at their own pace, with built-in rewards recognising each step that’s completed.

Businesses are also urged to implement Cyber Essentials, which helps organisations guard against the most common cyber attacks. The certification scheme includes automatic cyber liability insurance for any UK organisation certifying their whole organisation and with an annual turnover of less than £20 million.

‘Noisy’ attacks

Dr Ilia Kolochenko, CEO at ImmuniWeb and a Fellow of the British Computer Society, has issued comment on the NCSC’s statistics.

“Ransomware attacks are usually quite ‘noisy’ as the extortion methods employed frequently imply public disclosure of the attack,” asserted Kolochenko. “Likewise, politically motivated attacks aimed at disrupting Critical National Infrastructure in the UK are visible to everyone per se, automatically being noticed by the Government.”

Kolochenko continued: “Sophisticated intrusions by organised transnational cyber crime or cyber mercenaries looking for the valuable trade secrets of British businesses or classified defense information processed by private companies often remain undetected due to their technical sophistication. Moreover, the perpetrators undertake their best efforts to avoid detection, which may trigger an investigation and many undesirable consequences such as the exposure of ‘Zero Day’ vulnerabilities or specific intrusion patterns that they stealthily and successfully use to breach companies.”

In conclusion, Kolochenko noted: “Even if such intrusion is detected by a victimised organisation, that firm may predictably decide to conceal it from the public gaze and not report anything to law enforcement agencies. This tactic is understandable. When bad guys are located in foreign non-extraditable jurisdictions, Government-driven investigations are not likely to bear any fruit, while public disclosure will merely create long-lasting reputational and financial damage, thereby exacerbating the consequences of the attack.”

*Read the NCSC’s 32-page Annual Review 2025 in full online

Company Info

Western Business Media

Dorset House
64 High Street
East Grinstead, England, United Kingdom
RH19 3DE
UNITED KINGDOM

01342 33 3714