NCSC Reports 130% Surge in Nationally Significant Cyber Incidents: What It Means for UK Businesses

The UK’s National Cyber Security Centre (NCSC) has released its Annual Review 2025, revealing a dramatic 130% increase in “nationally significant” cyber incidents over the past year. Between September 2024 and August 2025, the agency responded to 204 such incidents, up from just 89 the previous year.

This marks the highest number of critical cyber events ever recorded in the UK, underscoring the growing urgency for businesses to strengthen their cyber resilience.

A Wake-Up Call for UK Organisations

The NCSC categorises cyber incidents into six severity levels, with Category 2 incidents (those with serious impact on central government, essential services, or large portions of the population) rising by 50% year-on-year. While no Category 1 “national cyber emergencies” were reported, the increase in Category 2 incidents signals a troubling trend.

Recent attacks on household names such as Marks & Spencer, Co-op Group, and Jaguar Land Rover were cited as stark reminders of the real-world consequences of cyber threats. Empty shelves and halted production lines have become symbols of the UK’s cybersecurity challenges in 2025.

Business Survival Hinges on Cyber Preparedness

Speaking at the Annual Review launch event, NCSC Chief Executive Richard Horne delivered a clear message: “Cybersecurity is now a matter of business survival and national resilience.”

Horne emphasised that attackers are becoming more sophisticated and indiscriminate. Yet, he also highlighted that many cyber-attacks fail because organisations have invested in robust defences and continuity planning.

“Hesitation is a vulnerability,” Horne warned. “The future of your business depends on the action you take today.”

Key Findings from the NCSC Annual Review 2025

  • Incident Volume: 1,727 tips were received, with 429 escalated to incidents requiring NCSC support.
  • Financial Losses: Q2 2025 saw a 27% drop in direct financial losses from cyber incidents, suggesting improved response strategies.
  • Scams & Fraud: These remained the most reported threats, with 514 incidents in Q2 alone.
  • Malware Spike: Malware-related incidents rose by 83% compared to the previous quarter.
  • Social Engineering: Attackers increasingly targeted IT helpdesks to gain access to sensitive systems.

Government Urges Action

Senior ministers are now writing to FTSE 100 and FTSE 250 leaders, urging them to prioritise cybersecurity at board level. The letters call for:

  • Enrolment in the NCSC’s free Early Warning service.
  • Supplier compliance with Cyber Essentials standards.
  • Cultural shifts to treat cyber risk as a strategic business issue.

Natilik’s Perspective

At Natilik, we believe that cybersecurity is not just a technical challenge, it’s a strategic imperative. As threats evolve, so must our defences. We work with clients to build resilient infrastructures, implement proactive monitoring, and ensure continuity plans are in place.

Whether you’re a small business or a multinational enterprise, the time to act is now. Let’s make cybersecurity a cornerstone of your business strategy. Find out more on our Natilik Cyber Security offering here.

Download here to read the full NCSC 2025 Report

Richard Beesly
Cyber Security Sales Specialist at Natilik
Return to Resources
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.