“Highly significant” cyber-attacks in the UK have surged by 50% over the past year, according to figures released by the National Cyber Security Centre (NCSC). The rise in serious cybersecurity incidents means the UK is now seeing more than one “nationally significant” attack on average every other day.
In its latest annual review, the NCSC, which forms part of GCHQ, reported that out of 429 cyber-incidents handled between September 2024 and August 2025, 204 were deemed nationally significant. That is a marked increase from the previous year, when only 89 incidents reached that threshold. Of particular concern are 18 attacks classified as “highly significant,” meaning they had substantial effects on central government operations, essential services, large segments of the population, or the broader economy.
The NCSC highlighted that threats come not only from criminal ransomware actors, but also from state-linked groups, such as China, Russia, Iran and North Korea. These risks are being amplified by society’s growing reliance on digital infrastructure, which creates more possible entry points for attackers. In response, government ministers, including the chancellor and the secretaries of security, technology, and business, have urged all organisations, from small businesses to major national employers, to treat cyber-resilience as a top-level governance priority. Companies have been advised to develop contingency plans in case their IT systems are disrupted or disabled.
As one senior security official put it: “Don’t be an easy target. Prioritise cyber risk management, embed it into your governance and lead from the top.”
Overall, the NCSC’s findings mark the highest level of cyber-threat activity recorded in nearly a decade, underscoring the urgency for organisations across the UK to bolster their defences.
What next for your business?
If you need to review your companies Cyber defences then take a look at our ultimate solution Advantage Secure365™ and keep your business safe.
