NCSC: Sense of Urgency as Numbers of Cyber Attacks Spike
As the UK faces an unprecedented surge in cyber threats, the National Cyber Security Centre (NCSC) warns that cyber security has now become a matter of national resilience.
According to the NCSC’s latest Annual Review 2025, the organisation alone handled 204 nationally significant cyber incidents in the past year – more than double the 89 recorded in the previous 12 months.
In total, the NCSC managed 429 incidents, of which 18 were classed as “highly significant,” meaning they had the potential to cause serious disruption to essential services such as government operations, energy supply, and healthcare infrastructure.
However, this is not just a UK problem.
Cybersecurity: A growing concern
This 50% increase coincides with the third consecutive year of rising cyber incidents and reflects a broader escalation in both the frequency and sophistication of attacks.
Dr Richard Horne, Chief Executive of the NCSC, describes cybersecurity as “a matter of business survival and national resilience,” urging every organisation, from large enterprises to small firms, to treat cyber preparedness as a boardroom priority.
“With nearly half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace,” he says.
“The best way to defend against these attacks is for organisations to make themselves as hard a target as possible. That demands urgency from every business leader: hesitation is a vulnerability and the future of their business depends on the action they take today.
“The time to act is now.”
Ransomware remains one of the primary threats, with financially motivated groups exploiting vulnerabilities in supply chains, cloud services and connected technologies.
State-backed actors from China, Russia, Iran and North Korea continue to pose significant risks, NCSC says, fuelling what the government has called a “call to arms” for business leaders to improve defences and raise awareness across all sectors.
Toby Gasston, Principal Product Manager at Wireless Logic, says the growing role of connectivity and IoT in expanding the nation’s attack surface.
“The UK being under near-constant cyber-attack comes as no surprise,” Toby says. “As industries digitise, their most critical functions increasingly depend on connected devices and IoT infrastructure.
“This growing reliance expands the threat surface and demands a new level of vigilance, along with recognition that it brings vulnerabilities which can no longer be ignored.
“From energy and healthcare to retail and manufacturing, connected devices now form the backbone of daily operations. They control heating and power, monitor patients and optimise production lines. Yet many still sit outside traditional IT perimeters, creating blind spots where attackers can move unseen.
“With thousands or even millions of endpoints across supply chains, the challenge isn’t securing a single device but the entire network that connects them. The government is right to call for board-level focus – cyber resilience has become a strategic imperative.
“The way we think about IoT security must evolve from piecemeal protection to built-in resilience. Secure-by-design connectivity, supported by strong authentication, anomaly detection and continuous visibility, ensures every device on a network is identifiable and protected from compromise.
“It’s the only sustainable way to safeguard the UK’s connected economy against the kind of large-scale disruption the NCSC is warning about.”
Pierre Noel, Field CISO EMEA at Expel, adds: "Ransomware has rapidly evolved from opportunistic encryption attacks into highly professionalised ecosystems. Currently, ransomware groups operate like SaaS businesses, complete with subscription tiers, dashboards and user support. They exploit vulnerabilities, compromised credentials, or misconfigured appliances.
“Identity-based attack attempts dominate, accounting for 67.6% of the incidents our SOC handled in Q2 2025 for our customers. Alarmingly, 13.8% of observed threats were non targeted malware, underscoring that even indiscriminate campaigns can cause devastating damage when organisations lack basic cyber hygiene.
“This evolution coincides with regulatory shifts, such as the UK’s consultation on banning ransom payments. If implemented, organisations may lose the fallback of paying to regain access, forcing criminals to lean harder on data exfiltration and public leaks to drive extortion. In this context, prevention is paramount.
“However, technology alone is not sufficient. Despite the widespread adoption of incident response plans, many organisations still fail in execution; only 32% of businesses and 30% of charities report breaches externally.
“Looking ahead, ransomware will likely grow more automated, leveraging AI for faster, broader, and more tailored attacks. For now, multilayered defence – immutable back-ups, strong visibility, rapid remediation, robust threat intelligence, continuous monitoring and regular testing – is the best path forward.
“Organisations that build resilience and preparedness will not just survive ransomware – they will be far less attractive targets in the first place.”
Shifting from reactive to proactive
Dolores Saiz, CEO of cloud consultancy The Server Labs, said the NCSC review should serve as a wake-up call.
“The 50% rise in cyber-attacks highlighted in the National Cyber Security Centre’s report is a stark reminder that no organisation is immune,” she says. “Security can’t be an afterthought or a reaction to a breach, it has to be engineered into the very fabric of every system, every process and every partnership.”
The UK’s rise in cyber incidents reflects a wider global escalation in digital risk.
According to the World Economic Forum’s Global Cybersecurity Outlook 2025, 72% of global organisations reported a rise in cyber threats over the past year, with attacks increasing in both frequency and sophistication.
Worldwide, ransomware continues to dominate the cyber threat scene. Check Point research shows that while total global cyber-attack volumes stabilised slightly in late 2025, ransomware incidents have surged by 46%, driven by Gen AI-powered tools capable of automating phishing, credential theft and data exfiltration.
“At Check Point Software, our research continues to highlight that the complexity and velocity of today’s cyber threats demand a multi-layered, prevention-first approach,” the company says. “Traditional detection alone is no longer sufficient – organisations need real-time, proactive security capable of stopping attacks before damage occurs.”