NCSC: Proactive Defence Needed Against UK Cyber Threats

The UK is facing a major rise in cyber threats, with the National Cyber Security Centre (NCSC) calling cybersecurity a key part of national resilience.

The frequency and sophistication of attacks have escalated for the third consecutive year.

The NCSC’s latest Annual Review shows it managed 204 nationally significant cyber incidents, more than double the previous year.

Out of 429 total incidents, 18 were classified as “highly significant” with the potential to disrupt essential UK services.

Dr Richard Horne, NCSC Chief Executive, calls cybersecurity “a matter of business survival and national resilience,” urging organisations to make it a boardroom priority.

He warns: “Our collective exposure to serious impacts is growing at an alarming pace.”

Richard stresses that the most effective defence is for organisations to become a difficult target.

“Hesitation is a vulnerability and the future of their business depends on the action they take today. The time to act is now,” he adds.

IoT connectivity and the attack surface

The growth of the Internet of Things (IoT) is expanding the nation's attack surface.

Toby Gasston, Principal Product Manager at Wireless Logic, says this makes the sustained attacks on the UK unsurprising.

“As industries digitise, their most critical functions increasingly depend on connected devices and IoT infrastructure,” Toby says.

“This growing reliance expands the threat surface and demands a new level of vigilance.”

He notes that devices in energy, healthcare and manufacturing often sit outside traditional IT security, creating blind spots for attackers. Gasston argues the challenge is protecting the whole network, not just single devices.

“The way we think about IoT security must evolve from piecemeal protection to built-in resilience,” he explains, advocating for secure-by-design connectivity with strong authentication and continuous visibility.

The evolving ransomware threat

Ransomware is a primary threat, with attacks from financially motivated and state-backed groups. This has prompted a government “call to arms” for better business defences.

Pierre Noel, Field CISO EMEA at Expel, says the threat has evolved.

"Ransomware has rapidly evolved from opportunistic encryption attacks into highly professionalised ecosystems," he explains, noting groups now operate like SaaS businesses.

Pierre states that identity-based attacks are dominant, accounting for 67.6% of incidents his firm handled in Q2 2025.

He adds that even non-targeted malware can cause “devastating damage” if basic cyber hygiene is lacking.

Noel also suggests that banning ransom payments could shift attacker focus to data exfiltration and public leaks for extortion.

Moving to proactive defence

The NCSC data is a call for organisations to move from reactive to proactive security.

Dolores Saiz, CEO of The Server Labs, says the report is a “wake-up call.”

“Security can’t be an afterthought or a reaction to a breach,” Dolores says.

“It has to be engineered into the very fabric of every system.”

This mirrors a global trend, with 72% of organisations worldwide reporting increased cyber threats, according to the World Economic Forum (WEF).

Check Point research also notes a 46% increase in ransomware incidents, partly enabled by Gen AI-powered tools.

Check Point emphasises a prevention-first approach: “Traditional detection alone is no longer sufficient – organisations need real-time, proactive security capable of stopping attacks before damage occurs.”