“Nationally significant” cyberattacks in the UK more than doubled compared to last year. Disruptions at Marks & Spencer, the Co‑op Group, and Jaguar Land Rover grabbed the headlines, and over 200 other major breaches occurred in one year, NCSC said in a report.
In the 12 months to August 2025, the UK National Cyber Security Centre (NCSC) analyzed 1,727 cybersecurity incident tips, 429 of which required support from the Incident Management Team.
“Nationally significant” incidents more than doubled, from 89 incidents a year ago to 204 this year. A small fraction, 18, of them were categorized as highly significant in nature, 50% more than a year ago.
This “highly significant” categorization means that the cyber incidents had the potential to have a serious, widespread disruption of essential services or long-term damage to national interests, and they require a coordinated cross-government response.
“Empty shelves and stalled production lines are a stark reminder that cyberattacks no longer just affect computers and data, but real business, real products, and real lives,” Dr. Richard Horne, Chief Executive of the NCSC, said in the latest Annual Review.
The watchdog warns that cyber threats continue to escalate, and the UK is now experiencing four nationally significant cyberattacks every week.
The situation prompted the NCSC to launch a free cyber toolkit, detailing clear, bite-sized actions for businesses to take. NCSC warns that one in two UK small businesses experienced a cyberattack last year and urges companies to take concrete action to protect themselves.
Curious what others think about this story? Contribute your thoughts to the debate below.
State-sponsored threat actors seem to be the major concern for network defenders.
“Our incident management team faced a record number of nationally significant incidents,” the report reads.
The NCSC highlighted Chinese, Russian, Iranian, and North Korean threats, followed by ransomware gangs. However, the majority of the most significant cyber incidents were non-ransomware.
Just three exploited vulnerabilities were associated with 29 incidents managed by the NCSC. These include on-premises Microsoft SharePoint Server vulnerability, a bug affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways, and missing authentication for a critical Fortinet FortiManager function.
The NCSC warns that cyberattacks can cause critical losses. The Marks & Spencer breach alone is expected to cost 300 million pounds ($398 million) to the company and its insurer directly, not calculating the wider impact on customers, third parties, and wider society.
Another example is a ransomware attack on pathology laboratory services provider Synnovis, which led to significant clinical healthcare disruption across the London region. The incurred costs of £32.7 million far outstripped Synovis’ profit of £4.3 million for 2023.
The report's title page reads, “It’s time to act." The report emphasizes that all organizations must take proactive measures to defend against cyber risks and that cyber resilience is a board-level responsibility.
“The best way to defend against these attacks is for organisations to make themselves as hard a target as possible. That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today,” Horne said.
The NCSC also urges businesses to implement Cyber Essentials, a government-backed certification scheme that helps organizations guard against the most common cyberattacks.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked