UK NCSC Reports 130% Spike in "Nationally Significant" Cyber Incidents

The UK’s National Cyber Security Centre (NCSC) reported 204 “nationally significant” cyber incidents between September 2024 and August 2025, according to the agency’s latest Annual Review 2025, published on October 14. This is the highest-ever number and represents a 130% increase compared to the previous year, when UK organizations faced 89 incidents of such high impact.

The 204 incidents characterized as “nationally significant” fell into one of the top three cyber-attack categories used by the NCSC and UK law enforcement. While no incidents of cyber “national emergency” (Category 1) were reported, the NCSC helped UK organizations with 18 “highly significant incidents” (Category 2) over the reported period – a rise from the 12 recorded in the previous period.

These incidents were categorized as such because they had a serious impact on central government, UK essential services, a large proportion of the UK population or the UK economy. However, an introduction to the report penned by Anne Keast-Butler, director of the NCSC’s parent agency, the Government Communications Headquarters (GCHQ), mentioned recent cyber-attacks on Marks & Spencer, the Co-op Group and Jaguar Land Rover as “high-profile attacks” that “serve as a stark reminder that the cyber threat is not just an abstract concept but a real one with real-world costs.”

Richard Horne, the NCSC’s chief executive, delivered a speech at the Annual Review 2025 launch event on October 14 at NCSC headquarters in London. In the address to UK businesses, he warned: “The time to act is now. […] Cybersecurity is now a matter of business survival and national resilience. With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.”

To read the complete article see: Infosecurity Magazine