The number of “highly significant” cyber-attacks has surged by 50% over the past year, with the UK’s security services now confronting a nationally significant incident more than every other day, according to new figures from the National Cyber Security Centre (NCSC).
In what officials have described as “a call to arms”, ministers and national security leaders are urging organisations of all sizes — from small businesses to major corporations — to prepare for the possibility that their IT systems could be paralysed overnight. They are calling on firms to develop robust contingency plans in case their “infrastructure [is] crippled tomorrow and all [their] screens [go] blank”.
The NCSC, part of GCHQ, identified “highly sophisticated” China, “capable and irresponsible” Russia, Iran, and North Korea as the main state-linked cyber threats in its annual review published on Tuesday. The sharp rise in attacks is being fuelled by ransomware operations, often led by financially motivated criminal groups, as well as the growing digital dependence across society, which has expanded the number of vulnerable targets.
Chancellor Rachel Reeves, Security Minister Dan Jarvis, and Technology and Business Secretaries Liz Kendall and Peter Kyle have written jointly to leaders of the UK’s largest companies, urging them to make cyber-resilience a board-level priority. They warned that hostile cyber-activity targeting the UK has become “more intense, frequent and sophisticated”.
“Don’t be an easy target,” said GCHQ Director Anne Keast-Butler. “Prioritise cyber risk management, embed it into your governance, and lead from the top.”
Between September 2024 and September 2025, the NCSC handled 429 cyber incidents — nearly half deemed nationally significant, more than double the number recorded the previous year. Eighteen of these were classified as “highly significant”, meaning they had serious impacts on government operations, essential services, the wider public, or the economy.
Most of the major incidents were ransomware attacks, including those that severely disrupted Marks & Spencer and the Co-op Group.
