The United Kingdom’s National Cyber Security Centre (NCSC) has issued a stark warning to business leaders following a 50% rise in “highly significant” cyber incidents over the past year. According to NCSC Chief Executive Richard Horne, the agency handled 429 cyber incidents between August 2024 and August 2025, with nearly half considered of national significance — affecting critical services, government systems, and the broader UK economy.
The findings, part of the NCSC’s Annual Cyber Review, underline growing concerns about the resilience of both large corporations and small businesses. “Every leader — whether you’re one person at your kitchen table or the boss of thousands — must have a plan to defend against criminal cyberattacks,” Horne emphasized during the report’s launch in London.
Major UK brands hit as cyberattacks intensify
The surge in cyber incidents follows a string of high-profile breaches that temporarily crippled some of the UK’s biggest consumer brands, including Marks & Spencer, Co-op, and Jaguar Land Rover (JLR). These attacks exposed critical vulnerabilities in supply chains, where smaller vendors often lacked adequate cybersecurity defenses.
In one of the year’s costliest disruptions, JLR reportedly lost £50 million per week during a six-week manufacturing halt caused by a cyberattack. The UK government later extended a £1.5 billion loan guarantee to support the automaker’s recovery and sustain its supplier network.
NCSC officials said 18 of the 429 incidents were categorized as “highly significant” — meaning they had serious national impact, affecting central government operations, essential public services, or large portions of the population.
National response and corporate accountability
In response, the Department for Science, Innovation & Technology (DSIT) has written to the FTSE 350 companies, urging them to treat cyber resilience as a board-level responsibility and to familiarize themselves with government-backed support frameworks.
The NCSC also reported a sharp rise in category 1–3 attacks, the most serious classifications, with 204 such cases in 2025, more than double the 89 incidents recorded the previous year. These include large-scale ransomware campaigns, supply-chain intrusions, and sophisticated nation-state operations targeting critical infrastructure.
“The resilience of companies — especially small and medium-sized suppliers — is being tested like never before,” said Horne. “If your IT systems went offline tomorrow, could you still run payroll, keep production going, or stock your shelves? If the answer is ‘no’ or even ‘don’t know,’ the time to act is now.”
Raising the bar for national cyber defense
The UK government’s intensified focus on cyber resilience reflects growing geopolitical risks and economic exposure to digital disruption. The NCSC’s recommendations include improving incident response readiness, investing in threat intelligence, and prioritizing secure cloud migration and software supply chain monitoring.
As cyberattacks become more sophisticated and frequent, the NCSC’s message is clear: cybersecurity is no longer an IT issue — it’s a national and corporate imperative.
