UK's NCSC Warns of 'Alarming' Rise in Cyberattacks, Doubling in Past Year

UK's National Cyber Security Centre Reports "Nationally Significant" Cyberattacks More Than Doubled

INFORMATIONAL
October 6, 2025
October 18, 2025
Policy and Compliance, Regulatory, Threat Intelligence

Related Entities (initial)

Organizations

GCHQ, National Cyber Security Centre (NCSC)

Other

China, Iran, North Korea, Russia

Full Report (when first published)

Executive Summary

The United Kingdom is facing an unprecedented and escalating cyber threat landscape, according to the 2025 Annual Review released by the National Cyber Security Centre (NCSC), a part of GCHQ. The report, published on October 6, 2025, reveals a dramatic surge in serious cyber incidents, with the agency handling 204 "nationally significant" attacks in the year leading up to August 2025. This figure is more than double the 89 incidents recorded in the prior year, averaging four major incidents per week. The NCSC attributes this growth to the combined pressures of sophisticated state-sponsored espionage from nations like China and Russia, and the relentless onslaught of high-impact ransomware attacks.


Regulatory Details

The NCSC's annual review serves as a key indicator of the national threat level and guides public and private sector cybersecurity priorities. Key findings from the report include:

  • Incident Volume: The NCSC managed a total of 429 incidents, with 204 classified as "nationally significant."
  • High-Significance Incidents: 18 of these incidents were categorized as "highly significant," a nearly 50% increase from the previous year. These incidents pose a direct threat to the UK's essential services or national security.
  • Primary Threat Sources: The report explicitly names state-sponsored actors and criminal ransomware groups as the primary drivers of the threat increase.
    • China is described as a "highly sophisticated" actor, posing a long-term strategic challenge.
    • Russia is labeled a "capable and irresponsible" actor, often engaging in disruptive and reckless cyber activities.

In response, UK government ministers are actively engaging with the leaders of the nation's largest companies, urging them to make cyber resilience a board-level priority and to drive security standards, such as the Cyber Essentials scheme, down through their supply chains.

Affected Organizations

The scope of the threat is nationwide, affecting a wide range of entities:

  • UK government departments and agencies
  • Critical National Infrastructure (CNI) operators
  • Large corporations and small-to-medium enterprises (SMEs)
  • Essential public services, including healthcare and education
  • The broader UK public, due to society's increasing reliance on technology

Compliance Requirements

While the review itself does not introduce new regulations, it strongly reinforces the need for organizations to adhere to existing best practices and government schemes. The NCSC's call to action implies an expectation that organizations, particularly those in critical sectors or large enterprises, should be able to demonstrate robust cyber governance. This includes:

  • Board-Level Oversight: Making cybersecurity a regular topic of discussion at the board level, with clear lines of accountability.
  • Risk Management: Implementing a comprehensive risk management framework that addresses cyber threats.
  • Supply Chain Security: Vetting the security posture of suppliers and partners and contractually requiring adherence to security standards.
  • Adoption of Standards: Implementing foundational controls as outlined in schemes like Cyber Essentials.

Impact Assessment

The doubling of nationally significant incidents indicates that the collective exposure of the UK to serious harm is "growing at an alarming pace." The business and operational impacts are substantial:

  • Economic Damage: Costs associated with ransomware payments, operational downtime, and incident response are a significant drain on the economy.
  • Threat to National Security: State-sponsored attacks aim to steal sensitive government and military secrets, conduct espionage, and preposition for future disruptive activities.
  • Disruption of Essential Services: An attack on CNI could impact the availability of power, water, transportation, and healthcare, affecting the entire populace.
  • Erosion of Public Trust: Persistent cyberattacks can erode public trust in digital services and institutions.

Compliance Guidance

The NCSC's message is a clear directive for organizations to move beyond reactive security and build proactive resilience.

  1. Elevate Governance: Secure board-level buy-in and establish a cybersecurity steering committee.
  2. Implement Foundational Controls: Achieve and maintain certification for Cyber Essentials or a similar framework (e.g., ISO 27001, NIST CSF).
  3. Develop and Test an Incident Response Plan: Ensure the organization is prepared to respond to and recover from a significant cyberattack. This plan should be tested regularly through tabletop exercises.
  4. Focus on Supply Chain Risk: The report emphasizes that an organization is only as strong as its weakest link. Implement a third-party risk management program to assess and manage the security of suppliers.
  5. Engage with NCSC: Utilize the resources, guidance, and threat intelligence provided by the NCSC to inform defensive strategies.

Timeline of Events

  1. October 6, 2025: The UK's NCSC publishes its 2025 Annual Review.
  2. October 6, 2025: This article was published.

Article Updates

October 9, 2025

NCSC launches new 'Cyber Action Toolkit' for SMBs, reiterating 129% surge in nationally significant cyberattacks and emphasizing board-level responsibility.

The NCSC's 2025 Annual Review, released on October 9, confirms a 129% surge in 'nationally significant' cyber incidents, rising to 204. In response to the escalating threat, the NCSC has launched a new 'Cyber Action Toolkit' specifically designed for small businesses and sole traders to bolster their defenses. NCSC Chief Executive Dr. Richard Horne emphasized that cybersecurity is now a fundamental component of business survival and national resilience. The report also details increased scrutiny, higher cyber insurance premiums, and heightened supply chain risk as key impacts for UK organizations.

October 18, 2025

Severity increased

New analysis highlights supply chain vulnerabilities as a primary driver for the surge in cyberattacks, with third-party providers as key entry points.

Further analysis of the NCSC's report emphasizes that supply chain vulnerabilities are a critical factor behind the doubling of nationally significant cyberattacks. Experts, including Simon Colvin of Pinsent Masons, point to third-party service providers like IT helpdesks and MSPs as common gateways for attackers to breach core business systems. A September 2025 survey by Cips supports this, revealing that 29% of procurement managers reported a supply chain partner had been attacked recently. This highlights a systemic risk that expands the attack surface and calls for enhanced vendor risk management, the principle of least privilege, and network segmentation as mitigations.

Article Author

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & Analysis, Security Orchestration (SOAR/XSOAR), Incident Response & Digital Forensics, Security Operations Center (SOC), SIEM & Security Analytics, Cyber Fusion & Threat Sharing, Security Automation & Integration, Managed Detection & Response (MDR)

Tags

NCSC, Policy, Ransomware, State-Sponsored Hacking, Threat Report, UK
