London, UK – The UK's National Cyber Security Centre (NCSC), a division of GCHQ, has issued a stark warning about the escalating cyber threat landscape, reporting a 50% surge in "highly significant" cyberattacks over the past year. This surge underscores the increasing reliance on digital systems and a sharp increase in ransomware activity targeting organizations for financial gain.

In its annual review, published Tuesday, the NCSC revealed it responded to 429 cyber incidents between September 2024 and August 2025, with 204 incidents classified as "nationally significant". This is more than double the 89 incidents recorded in the previous year. Eighteen of these were considered "highly significant", meaning they had a serious impact on essential services, the economy, the mass population, or central government. This marks the third consecutive year of increasing attacks at this critical severity level.

The agency attributes the rise to state-sponsored actors from China, Iran, North Korea, and Russia, as well as an increase in ransomware activity. The NCSC also highlighted Russia's role in inspiring informal "hacktivist" groups that have launched disruptive attacks on the UK, the US, and other European and NATO countries. These groups and hostile states are using increasingly sophisticated methods, including artificial intelligence (AI), to improve the potency of their attacks.

Several major British brands, including Marks and Spencer, Co-op, and Jaguar Land Rover, have been affected by breaches. Last month, cyberattacks even triggered delays at various European airports. According to the report, the UK is experiencing the highest level of malicious digital activity recorded in nearly a decade, with a new nationally significant cyber incident occurring roughly every other day. This translates to an average of four major cyberattacks targeting UK interests every week.

In response to the rising cyber threats, the UK government is urging top business leaders, particularly those in FTSE 350 companies, to make cyber resilience a board-level priority. The NCSC has launched the Cyber Action Toolkit to help small organizations implement essential security measures and is urging the adoption of Cyber Essentials, which provides protection guidance and includes automatic cyber insurance for UK firms with a turnover of under £20 million.

NCSC Chief Executive Richard Horne issued a stark warning, stating that "Cybersecurity is now a matter of business survival and national resilience". He emphasized that with over half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks compared to last year, the collective exposure to serious impacts is growing at an alarming pace. He further urged business leaders to recognize that their organizations' futures depend on immediate action, stating that "hesitation represents a vulnerability".