The National Cyber Security Centre (NCSC) dealt with 204 “nationally significant” cyber-attacks in the UK during the 12 months to August 2025, an increase from 89 during the previous year.
The NCSC, which is part of security organisation GCHQ, said it handled 429 incidents over the period, 18 of these were categorised as “highly significant”, meaning that they had the potential to have a serious impact on essential services.
This marks an almost 50 per cent hike on incidents of this second-highest level categorisation compared with the previous year and an increase for the third year running.
In its annual review, the NCSC said that a substantial proportion of all incidents it handled last year were linked to Advanced Persistent Threat (APT) actors – either nation-state actors or highly capable criminal groups.
Dr Richard Horne, chief executive of the NCSC, said that cybersecurity is now a matter of business survival and national resilience, advising that the best way to defend against these attacks is for organisations to make themselves as hard a target as possible.
“With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50 per cent rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace,” he added. “That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.”
In response to the rising threat and in the wake of high-profile cyber incidents, the government has written to the chief executives and chairs of leading businesses, including all FTSE350 companies, to highlight the importance of working together to protect the UK economy and make cyber resilience a board-level responsibility.
In the letter, which was signed by MPs including business secretary Peter Kyle and technology secretary Liz Kendall, the government urged companies to sign up for NCSC’s early warning service and to implement cybersecurity controls across their supply chain.
Businesses were also urged to implement UK government-backed certification scheme Cyber Essentials, which helps organisations guard against the most common cyber-attacks.
The initiative includes automatic cyber liability insurance for any UK organisation who certifies their whole organisation and has less than £20 million in annual turnover.
To support this, the NCSC has also launched a new resource for small organisations to help them implement foundational controls.
The Cyber Action Toolkit is designed to help sole traders and small organisations put in place some of the basic cybersecurity measures that help guard against the most common cyber threats.
The NCSC said nationally significant incidents have a substantial impact on the UK’s national security, economy or critical infrastructure, including threats to essential services, sensitive data, or key government functions.
It added that it works around the clock to counter cyber threats and bolster the UK’s digital resilience.
