In the year to September 2025, GCHQ’s National Cyber Security Centre handled 204 cyber incidents deemed “nationally significant” — an average of four each week. The figure marks a sharp escalation in the scale and sophistication of cyber threats targeting UK institutions and businesses.
According to the NCSC, 18 of those incidents were classed as “highly significant,” meaning they required cross-government coordination and had potential to disrupt essential services or national infrastructure. That subset has risen by nearly 50 per cent year-on-year, reflecting a broader increase in state-sponsored and financially motivated attacks.
The agency warned that cyber risks are now “a persistent national-level concern,” with major incidents affecting companies across retail, automotive, and logistics. Jaguar Land Rover, Marks & Spencer, and the Co-op were among the large organisations targeted in recent months. The ransomware attack on JLR led to a six-week pause in production at several UK plants and cost millions in lost output and recovery work.
Officials say that while the majority of incidents have been contained without widespread damage, the frequency of significant attacks underscores a growing strategic challenge for both government and industry. In a statement, the NCSC said: “The volume and impact of cyber incidents are increasing, and they are affecting every sector of the economy. Cyber resilience must now be treated as a core element of business governance.”
The findings come ahead of the government’s planned Cyber Security and Resilience Bill, expected to tighten reporting requirements and expand regulatory oversight of critical digital infrastructure. The legislation will seek to align the UK’s standards with the EU’s NIS2 Directive and introduce mandatory board-level accountability for cyber preparedness.
A recent report by the National Audit Office warned that one in three cyber-security roles within central government remain unfilled or are covered by contractors. It found that many public-sector systems still rely on outdated technology, leaving critical services exposed. The Public Accounts Committee echoed that concern, stating that “the cyber threat is evolving faster than the government’s ability to respond.”
Industry analysts note that the rise in major incidents coincides with increasing use of AI-enabled attack tools and deep supply-chain intrusions. Businesses are being urged to reassess their cyber-risk governance, particularly around vendor access and data integrity. “Resilience has become a collective responsibility — from the boardroom to the back office,” said NCSC chief executive Felicity Oswald.
The NCSC is advising boards to integrate cyber risk into enterprise risk management frameworks and to conduct regular resilience testing. Its guidance now includes tailored briefings for directors and senior executives, designed to embed cyber governance into broader corporate oversight.
While the UK’s cyber defence capability remains regarded as among the strongest globally, officials acknowledge that the threat landscape is shifting rapidly. Analysts expect further expansion of critical-infrastructure oversight and closer cooperation between the NCSC, regulators, and industry bodies over the coming year.
