Serious cyberattacks increase 50% in past year, UK security agency says

The UK’s digital environment is facing an escalating crisis, with “highly significant” cyberattacks rising by $50\%$ in the past year.

New figures from the National Cyber Security Centre (NCSC), which is part of GCHQ, reveal officials are now tackling a nationally significant incident more than every other day.

The NCSC’s annual review described the situation as a “call to arms,” warning that society’s increased dependence on technology is directly exposing it to more threats, primarily ransomware attacks carried out by criminal groups seeking financial gain.

This rise is compounded by state-level threats from countries like “highly sophisticated” China and “capable and irresponsible” Russia.

In the year leading up to September, the NCSC managed $429$ cyber incidents. Critically, nearly half were deemed nationally significant, more than doubling in the last twelve months.

Eighteen incidents were classified as “highly significant,” meaning they seriously impacted essential services, the government or the economy, including major ransomware attacks that affected retailers such as Marks & Spencer and the Co-op Group.

The UK government has written to leaders of the largest British companies, stressing the need to make cyber-resilience a board-level responsibility. GCHQ director Anne Keast-Butler urged businesses: “Prioritise cyber risk management, embed it into your governance and lead from the top.”

Adding to the complexity, the NCSC warned that hackers are increasingly leveraging Artificial Intelligence (AI) to sharpen their operations. While the agency has yet to face an AI-initiated attack, it forecasts that AI will “almost certainly pose cyber-resilience challenges” through $2027$ and beyond.

Richard Horne, the NCSC’s chief executive, emphasized the human cost of these breaches. “We do see our attackers improving their ability to cause real impact, to inflict pain on the organisations they have breached,” he said, stressing that organizations must act now to protect their staff, suppliers, and customers from disruption, worry and the resulting financial damage.