Cyberattacks are on the rise in the UK, according to the National Cyber Security Centre (NCSC), the UK’s technical authority for cybersecurity.
In its Annual Review, published on Tuesday, the security agency states that the UK has experienced a 50% increase in “highly significant” cyberattacks over the past year. Officials attributed the surge to the UK’s increasing dependence on digital systems and a sharp increase in ransomware activity targeting organisations for financial gain.
Figures from the NCSC annual review revealed dramatic insights into the state of the UK’s cybersecurity, including that it is experiencing the highest level of malicious digital activity recorded in nearly a decade, as the organization faces a new nationally significant cyber incident roughly every other day.
More bad actors than Hollywood
According to the report, the primary threats to security causing the 50% spike are state-sponsored actors from China, Iran, North Korea, and Russia, and underscored Russia’s role in inspiring informal “hacktivist” groups that have launched disruptive attacks on the UK, the US, and other European and NATO countries.
Significant incidents have hampered operations at major firms, including Jaguar Land Rover, Marks & Spencer, and the Co-op Group, and have even triggered delays at various European airports just last month.
NCSC handled 429 cyber incidents from August 2024 to September 2025, nearly half of which were classified as nationally significant. This is more than double that of the prior year. Eighteen of the incidents were considered “highly significant”, meaning they had a serious impact on the economy, the mass population, essential services, or the government.
London calling
The UK government responded by issuing a “call to arms” to organizations, urging them to strengthen their cyber defenses and create contingency plans in the eventuality that their IT infrastructure is impacted.
“Cybersecurity is now a matter of business survival and national resilience,” stated Richard Horne, the NCSC’s chief executive, in a speech delivered at the Annual Review 2025 launch event on October 14 at NCSC headquarters in London.
Senior ministers, including Chancellor Rachel Reeves and Security Minister Dan Jarvis, have stressed to business leaders that cyber-resilience must be treated as a board-level responsibility.
“Cybercrime is a serious threat to the security of our economy, businesses, and people’s livelihoods,” said Jarvis. “While we work round the clock to counter threats and provide support to businesses of all sizes – we cannot do it alone.”
The NCSC also warns of the growing role of artificial intelligence in cybercrime, predicting that AI-enhanced attacks will “almost certainly pose cyber-resilience challenges to 2027 and beyond.”
Also in the world of cybersecurity, a GitHub Copilot Chat bug let attackers steal private code via prompt injection.