NCSC reports record number of “nationally significant” cyberattacks

The United Kingdom’s National Cyber Security Centre (NCSC) handled a record of 204 nationally significant cyberattacks in the past twelve months to August, compared to 89 a year earlier.

According to the latest Annual Review, the cybersecurity agency took care of four so-called “nationally significant” cyberattacks per week. These kinds of attacks have a substantial impact on the United Kingdom’s national security, economy, or critical infrastructure, including threats to essential services, sensitive data, or key government functions.

The cyberattack on car manufacturer Jaguar Land Rover is an example of a nationally significant cyberattack. This incident not only affected the carmaker’s production process, but also other companies in the supply chain. As a matter of fact, the British government backed Jaguar Land Rover with a £1.5 billion loan to prevent bankruptcy and layoffs at the car manufacturer and other companies in the supply chain.

Other recent infamous cyberattacks on British companies include luxury department store Harrods, retailer Marks & Spencer, supermarket chain Co-op, and Transport for London.

The NCSC handled a total of 429 cyberattacks between September 1, 2024, and August 31, 2025. 18 incidents were categorized as “highly significant,” meaning that they had the potential to have a serious impact on essential services. This marks an almost 50% increase in incidents of this second-highest level categorization compared with the previous year, and an increase for the third year running.

According to the British authorities, most cyberattacks are being pulled off by either nation-state actors or highly capable criminal groups.

“Cybersecurity is now a matter of business survival and national resilience. With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace,” says Richard Horne, Chief Executive Officer of the NCSC.

The best way to defend against cyber threats is to make your company as hard a target as possible, including implementing “resilience engineering,” meaning that IT systems and digital environments are built so that they can quickly recover from an attack.

To warn businesses and organizations of the rising threat of high-profile security incidents, the NCSC is urging CEOs of leading businesses to make cybersecurity a Board-level responsibility.