Cyberattacks at nine-year high, says NCSC

Annual review records near 50% increase in 'highly significant incidents'

National security officials and ministers are urging all organisations, from sole traders up to the largest enterprise to take business resilience seriously, use the often-free tools available, and draw up contingency plans for crippling cyberattack.

The NCSC has released its Annual Review, and it doesn't make for comforting reading.

Overall, the year ending August 2025 contained the highest level of cyber threat activity recorded by the NCSC in nine years. The NCSC dealt with 204 ‘nationally significant’ cyber-attacks against the UK in this time. This is a steep rise from 89 in year ending August 2024.

Of a total of 429 incidents handled by the agency, part of GCHQ, 18 were categorised as ‘highly significant’ which means that they had the potential to have a serious impact on essential services. This marks an almost 50% increase on incidents of this nature from the previous year, and an increase for the third-year running.

According to the NCSC, China, Russia, Iran and North Korea remain the primary sources of state backed threats. The increase in attacks has been largely driven by ransomware and as we have seen from a recent spate of arrests, the cybercrime gang masters perpetuating these attacks have built a pipeline of juvenile talent to do their bidding.

In a forward to the report, Anne Keast-Butler, Director GCHQ says:

“This year, the realities of cyberattacks have hit the headlines and impacted the bottom lines of many companies. Incidents like the high-profile attacks on Marks & Spencer, the Co-op Group and Jaguar Land Rover serve as a stark reminder that the cyber threat is not just an abstract concept but a real one with real-world costs.”

To underline the urgency of raising our collective defences, ministers, the NCSC and the National crime Agency (NCA) have written an open letter to chief executives and chairs of prominent businesses, including the entire FTSE350, warning them that the growing intensity, frequency and sophistication of hostile cyber activity demands an "urgent collective response," to these threats to our economic and national security.

The letter sets out the tools available to businesses and sets out three specific steps that all organisations should take:

• Use the government's Cyber Governance Code of Practice which was developed with industry leaders and sets out critical actions Boards and directors should take to govern cyber risk effectively.
• Sign up to the free NCSC early warning service.
• Make sure your organisation and every part of your supply chain complies with the Cyber Essentials standard.

Security minister Dan Jarvis will speak to business and cyber experts today in a call to action at the launch of the NCSC’s annual review launch

“Cybercrime is a serious threat to the security of our economy, businesses, and people’s livelihoods. While we work round the clock to counter threats and provide support to businesses of all sizes – we cannot do it alone,” said Jarvis.

“We’re working with business leaders to ensure they recognise the scale of the threat and make cyber security a top priority.”

The NCSC has also launched a Cyber Action Toolkit aimed at small businesses and sole traders to ensure basic levels of security are met.

“The best way to defend against these attacks is for organisations to make themselves as hard a target as possible,” said Dr Richard Horne, chief executive of the NCSC.

“That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.”

If you’re a current or aspiring cybersecurity leader check out the Computing Security Leaders Summit on March 26th 2026. Packed with content including business continuity planning, bridging the cyber skills gap and cloud resilience, its promises to be full of insight and practical advice to take away. Register here for your free place.