The National Cyber Security Centre’s (NCSC) annual review details a 50% increase in nationally significant incidents—attacks that cause sustained disruption to essential services, affect national security, or lead to severe economic and social consequences.
Richard Horne, CEO of NCSC, urged all business leaders to “take responsibility for their organisation’s cyber resilience,” saying that “for too long, cyber security has been regarded as an issue predominantly for technical staff. This must change.”
Findings
In 2024–25, the NCSC triaged 1,727 incidents into 429 managed cases. Nearly half were nationally significant (48%), and 18 were categorized as highly significant. This shows a third consecutive increase.
Vulnerabilities in legacy systems contributed to many severe incidents, with major CVEs (e.g., SharePoint, Ivanti, Fortinet) linked to at least 29 NCSC-managed cases.
China, Russia, DPRK, and Iran
The report explains that nation-state-backed threats linked to China, Russia, DPRK, and Iran remain the most strategically consequential risks. Over the past year, China-linked botnet campaigns like “Flax Typhoon” and “Salt Typhoon” have caused significant disruption.
Some attacks are aligned with national policies, even if not directly driven by the nation-state itself. Pro-Russian hacktivist activity has been noted in response to the ongoing invasion of Ukraine, and the UK’s response to it.
The report warns that Iran will continue to expand cyber operations in the near future, linking the risk to conflicts in the Middle East and Iran’s military and geopolitical strategies.
Ransomware
It will surprise no one to see that ransomware is named as one of the most significant and disruptive risks, with the report citing attacks on Marks & Spencer and The Co-Op, alongside recent supply chain attacks on JLR. Most “cyber criminals are sector agnostic, selecting victims based on organizations they believe:
- Are most likely to pay a ransom
- Are vulnerable to operational downtime
- Hold sensitive data that would cause significant harm to UK citizens if leaked”
Response
The report urges the sector to move towards a point of “radical transparency.” Making it easier to understand the technology products in the supply chain allows better-informed security decisions in future.
“Radical transparency allows vendors with sound practices to demonstrate their commitment to cyber security more convincingly. This information is not just of value to individual customers, but could also inform longer term decisions by potential investors,” the NCSC states.
The report goes on to list the areas that organizations should be prioritizing in order to stay safe:
- Adopt passkeys – these should become the default authentication recommendation
- Pen and paper resilience – plan for how you would respond without access to any of your IT systems
- Adopt the AI Cyber Security Code of Practice – address cyber security risks to AI systems, to secure the organizations that develop and use them
Prepare, prepare, prepare
In an open letter from The Co-Op Group, Shirine Khoury-Haq, CEO, reflects on the impact an attack had on their organization: “While you can plan meticulously, invest in the right tools and run countless exercises, nothing truly prepares you for the moment a real cyber event unfolds. The intensity, urgency and unpredictability of a live attack is unlike anything you can rehearse. That said, those drills are invaluable – they build muscle memory, sharpen instincts, and expose vulnerabilities in your systems.”