The National Cyber Security Centre (NCSC) published its Annual Review 2025, revealing the UK now faces an average of four nationally significant cyber incidents every week. The NCSC is urging every business to make cyber resilience a boardroom priority, not just an IT issue.
In the year to August 2025, the NCSC Incident Management team responded to 429 cyber incidents. Nearly half were nationally significant, meaning major effects on government services, essential infrastructure, the wider economy or a significant share of the population. That represents a 50 percent year‑on‑year rise in highly significant incidents and continues an upward trend.
The Review warns that growing dependence on digital systems leaves society more exposed to ransomware and disruptive attacks. Many organisations still lack tested plans to maintain critical operations if key systems are suddenly taken offline. The NCSC’s message is clear: every organisation should assess whether it could still function during a major outage and, if not, put in place a robust defence and continuity strategy owned by senior leadership.
At the launch, CEO Richard Horne stated that the urgency to act has never been greater, with incidents increasing in scale, frequency and impact across all sectors. Home Office Security Minister Dan Jarvis echoed the call, framing cyber investment as both a necessity to protect people and an opportunity to build confidence and growth amid rapid technological change.