Surge in Nationally Significant Cyberattacks in the United Kingdom
The United Kingdom has experienced a dramatic increase in the number and severity of cyberattacks targeting its organizations, as highlighted in the National Cyber Security Centre's (NCSC) latest annual review. Over the past year, the NCSC incident management team responded to 429 cyberattacks, a figure nearly identical to the previous year, but the proportion of attacks classified as 'nationally significant' rose sharply to 204, representing a 48% increase. The number of 'highly significant' attacks, which have a serious impact on central government, essential services, or a large segment of the population, also increased by 50%, reaching 18 incidents. These highly significant attacks are just one step below a national cyber emergency and require coordinated responses from senior government officials and law enforcement. The NCSC categorizes incidents on a six-level scale, with the most severe being those that disrupt critical services or threaten national security.
The government has responded to this surge by issuing direct communications to chief executives and business leaders, urging them to take concrete steps to bolster their cyber resilience. This includes the recommendation to maintain physical, offline copies of cyberattack contingency plans, as digital systems may be rendered inaccessible during an incident. The advice comes in the wake of high-profile attacks on major UK companies such as Marks and Spencer, The Co-op, and Jaguar Land Rover, which resulted in empty shelves and halted production lines due to IT system outages. The attack on Jaguar Land Rover, in particular, was described as an economic security incident, with prolonged disruption threatening the government's economic growth objectives.
The NCSC's annual review emphasizes the need for organizations to adopt resilience engineering strategies, focusing on the ability to anticipate, absorb, recover, and adapt to cyber threats. Firms are encouraged to plan for operations without IT systems and to develop alternative communication methods in the event of a cyberattack. The review also notes that while the overall number of incidents handled by the NCSC has remained stable, the increasing severity and sophistication of attacks pose a growing threat to national security and economic stability.
The British government is taking a proactive stance by alerting industry leaders to the heightened risk environment and the necessity of robust cyber defense measures. The NCSC's chief executive, Richard Horne, has underscored that cybersecurity is now a matter of business survival and national interest. The review's findings have prompted calls for greater collaboration between government, industry, and academia to address the evolving threat landscape.
The rise in significant cyberattacks is attributed to more intense, frequent, and sophisticated hostile activity targeting British businesses and critical infrastructure. The NCSC's categorization system helps prioritize response efforts and ensures that the most severe incidents receive the necessary attention and resources. The government’s outreach to business leaders is intended to drive home the urgency of preparing for cyber incidents that could have far-reaching consequences.
The review also highlights the importance of learning from recent incidents to improve future response and recovery efforts. Organizations are advised to regularly test and update their contingency plans, ensuring that they are practical and accessible in a crisis. The NCSC continues to provide guidance and support to organizations across the UK, aiming to strengthen the country's overall cyber resilience.
The increase in nationally significant and highly significant attacks marks the third consecutive year of rising severity, signaling a persistent and escalating threat. The government’s message is clear: cyberattacks are not just an IT issue but a critical risk to business continuity and national prosperity. The NCSC’s annual review serves as both a warning and a call to action for all sectors to prioritize cybersecurity and resilience in the face of mounting cyber threats.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
NCSC urges organizations to strengthen cyber resilience plans
Following publication of the annual figures, UK officials and the NCSC warned organizations to improve preparedness, including maintaining contingency plans on paper in case digital systems are unavailable during an attack. The messaging was framed as a call for urgent action in response to the surge in major incidents.
Nationally significant UK cyberattacks more than double
Within that annual reporting period, the number of cyberattacks classified as nationally significant more than doubled, reaching a record level and rising about 50% from the prior year. The increase prompted concern about the scale and severity of threats facing the UK.
UK records 429 cyber incidents over the past year
The UK National Cyber Security Centre recorded 429 cyber incidents over the previous year, marking the third straight annual rise in incidents handled. This annual total forms the baseline for later reporting on the increase in serious attacks.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
‘A Call to Arms’ as UK Faces 50% Surge in Major Cyberattacks
techrepublic.com
Open sourceBritish govt agents demand action after UK mega-cyberattacks surge 50%
go.theregister.com
Open sourceCyber attack contingency plans should be put on paper, firms told
bbc.co.uk
Open sourceUK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling
securityaffairs.com
Open sourceUK Cyber Incidents Rise for Third Straight Year
bankinfosecurity.com
Open sourceUK hit by record number of ‘nationally significant’ cyberattacks
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ransomware Elevates Cybersecurity to National Security Priority
A surge in high-profile ransomware attacks targeting both the United Kingdom and the United States has prompted government officials to reclassify cybersecurity as a matter of national security. Anne Neuberger, former White House deputy national security adviser for cyber, emphasized at a London event that the societal and economic impacts of these attacks have become untenable, with incidents affecting major retailers like Marks & Spencer and manufacturers such as Jaguar Land Rover. The financial fallout from these attacks is significant, with cleanup and disruption costs reaching hundreds of millions of dollars for individual companies and broader economic impacts estimated in the billions. In response, governments are increasingly engaging with private sector leaders to develop coordinated strategies for ransomware mitigation, recognizing that the threat extends beyond IT departments to affect national infrastructure and economic stability. The call for enhanced public-private cooperation reflects a shift in policy, as authorities seek to address ransomware as a systemic risk requiring unified action across both public and private sectors.
Mar 21, 2026
UK Government Admits Cybersecurity Failures and Launches Major Public Sector Overhaul
The UK government has publicly acknowledged that its longstanding cybersecurity policies for the public sector have failed, leaving critical services and departments vulnerable to cyberattacks. In response, officials have announced a sweeping reset with the introduction of the Government Cyber Action Plan, backed by over £210 million in new funding. The plan establishes a dedicated Government Cyber Unit, sets minimum security standards, and mandates robust incident response capabilities across all departments. This overhaul comes after years of fragmented accountability and recurring cyber incidents, including high-profile attacks on agencies such as the Legal Aid Agency (LAA), which suffered a major breach that went undetected for months despite significant prior investment in security improvements. The Public Accounts Committee has criticized the Ministry of Justice for its handling of the LAA cyberattack, revealing that despite £50 million spent on security, the agency failed to detect the intrusion for four months and delayed taking affected servers offline. The government’s new strategy aims to address these systemic weaknesses by improving risk visibility, enforcing stricter standards, and banning ransom payments by public-sector organizations. The action plan is positioned as a radical shift to protect essential services, restore public trust, and prevent future incidents that could disrupt healthcare, legal, and other critical infrastructure.
Mar 21, 2026
UK Reports Warn of Persistent Basic Cybersecurity Gaps and Rising Social-Engineering Risk
UK reporting highlighted persistent weaknesses in baseline cyber hygiene and a growing expectation that **phishing and social engineering** will succeed against many organizations. A Vodafone Business-commissioned snapshot cited by Tech Radar/SC Media reported that **63% of UK businesses** feel more exposed to cyberattacks than a year ago, **71% of leaders** think employees are vulnerable to phishing, and staff reuse work passwords across an average of **11 personal accounts**; only **45%** of organizations said all staff had completed basic cyber awareness training. The same coverage noted increasing concern about **AI-enabled scams and deepfakes**, with **70%** reporting greater suspicion of video calls impersonating senior leaders, and pointed to the UK government’s planned *Telecommunications Fraud Charter* as part of broader anti-fraud efforts. Separately, the Bank of England’s 2025 CBEST review (summarized by The Register) found that regulated financial firms and **financial market infrastructures (FMIs)** still commonly fail on fundamentals observed during **13 CBEST assessments and regulator-backed penetration tests**, including **weak access controls**, poor password practices, **misconfigured and inconsistently patched systems**, and gaps in **intrusion detection** and vulnerability management. The report emphasized that firms should be prepared to **handle breaches** rather than relying only on preventive controls, and that weak security culture enables attackers to bypass controls via social engineering; it also warned that inadequate helpdesk identity-verification processes can enable fraudulent credential access, with the NCSC noting such tradecraft aligns with groups like **Scattered Spider**.
Mar 21, 2026