UK experienced 204 nationally significant cyber attacks in last year

The UK experienced a record 204 nationally significant cyber attacks in the year to August 2025, a dramatic 129% growth from 89 incidents the year before.

Cyber attacks classed as nationally significant are those that have a serious impact on a large organisation or on local or wider government, or which pose a considerable risk to central government or UK essential services.

The figures come from the National Cyber Security Centre’s (NCSC) ninth and latest annual review, published 14 October 2025, which shows a summary of trends, statistics and predictions of the cyber threats that jeopardise UK businesses.

The NCSC, which is a part of national security agency GCHQ, highlighted state-backed actors including China, Russia, Iran and North Korea, as well as the ever growing use of ransomware and artificial intelligence (AI) tools, as drivers of escalating threat levels.

AI, the report explained, has largely been used to augment and improve existing attack techniques, rather than create entirely novel threat vectors. These so-called “frontier” developments include automated spear-phishing campaigns and automated post-breach attack stages and data exfiltration.

According to Adrian Cox, chief executive at Beazley, the threats highlighted in the report demonstrate the importance of staying abreast of cyber security measures.

He said: “The NCSC’s review makes one thing perfectly clear – businesses need to invest now in protecting themselves and their suppliers through consistent and proactive cyber security measures, before, during and after an attack.

“Whilst no institution is impenetrable, the quality of response to an attack can be as impactful as preventing one in the first place. There is no simple solution to this problem, but it is time to build a mindset of preparation.”

Cyber action toolkit

The NCSC also announced the launch of a new Cyber Action Toolkit – a set of resources aimed at helping small businesses implement cyber defences – following its findings that the “new normal is that cyber criminals will target organisations of all sizes, operating in any sector”.

Ian Birdsey, partner at Clyde and Co, explained that preparedness for a cyber event should never be taken for granted, even when firms have put a response plan in place.

He said: “In the early stages of a serious cyber incident, such as a ransomware event, the most pressing issues are concerned with how teams will communicate when systems are encrypted, where can they find documents such as the incident response plan and who is their cyber insurer.

”While Clyde and Co’s annual corporate risk radar report reveals that 77% of executives are confident in their ability to defend against a cyber attack compared to five years ago, it’s important for businesses to understand that they are never 100% impenetrable.

“The best approach for cyber readiness is to plan and rehearse how the response to an incident will work, rather than putting all the resources into trying to prevent an attack, as no systems can be fully secure and cyber attacks are becoming inevitable.”