LONDON

The UK on Tuesday recorded a surge in serious cyberattacks over the past year, according to the National Cyber Security Centre (NCSC), which says the scale and severity of incidents are increasing at an alarming rate.

In its latest Annual Review, the NCSC revealed that it handled 204 "nationally significant" cyberattacks in the 12 months ending August 2025, more than doubling the 89 recorded the previous year. This translates to an average of four major cyber incidents per week.

Of the 429 incidents managed overall, 18 were classified as “highly significant,” meaning they had the potential to seriously disrupt essential services or cause long-term damage to national interests.

This represents a nearly 50% increase over the previous year and the third consecutive annual increase.

Many of the attacks were carried out by Advanced Persistent Threat (APT) actors, which are sophisticated groups often supported by nation-states or organized crime networks.

NCSC Chief Executive Richard Horne said the findings show that “cyber security is now a matter of business survival and national resilience.”

“With over half the incidents handled by the NCSC deemed to be nationally significant and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace,” he said.

“The best way to defend against these attacks is for organizations to make themselves as hard a target as possible. That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.”

In response, the UK government has written to the chief executives and chairs of major companies, including all firms in the FTSE 350 index, urging them to make cyber resilience a top-level priority.

The NCSC said it continues to operate “around the clock” to counter threats and strengthen the country’s digital defenses.