UK cyber attacks have surged by 50% over the past year, according to new data from the National Cyber Security Centre (NCSC). Officials report that the United Kingdom is now facing a nationally significant cyber incident roughly every other day — marking the highest level of cyber threat activity recorded in nine years.
The NCSC, part of GCHQ, said the increase in UK cyber attacks is mainly driven by ransomware incidents and the growing dependence on digital systems across industries. With businesses and public institutions relying heavily on connected infrastructure, the potential impact of cyber intrusions has become broader and more severe.
National security leaders described the rise of UK cyber attacks as a “call to arms,” urging organizations of all sizes to improve cyber preparedness. The agency emphasized that every business should be ready to respond if their systems were suddenly taken offline or compromised.
Rising Threats from Ransomware and State-Sponsored Actors
The NCSC handled 429 cyber incidents in the year to September, with nearly half categorized as nationally significant — more than double the number from the previous year. Eighteen of these UK cyber attacks were classed as “highly significant,” meaning they caused serious disruption to government operations, essential services, or the broader economy.
Most of these major UK cyber attacks were linked to ransomware attacks. Retailers and service providers such as Marks & Spencer and the Co-op Group were among the affected organizations. The NCSC highlighted that such attacks are increasingly targeting sectors vital to daily life, exploiting both technological vulnerabilities and human error.
Officials identified four main state-linked cyber threats: China, Russia, Iran, and North Korea. According to the report, these nations have been associated with “highly sophisticated” and persistent attempts to compromise critical systems in the UK and allied countries.
While the NCSC did not comment on the recent disruption at Jaguar Land Rover, which halted manufacturing operations, reports suggest that investigators are examining potential Russian involvement. The agency also warned that informal “hacktivist” groups inspired by state actors are targeting organizations in the UK, US, and across NATO countries.
Growing Impact and Future Risks from AI-Driven Attacks
The NCSC’s findings reveal that 2025 has been the busiest year on record for cyber defense teams. In addition to external threats, homegrown cybercrime remains a concern. Recently, two 17-year-olds in Hertfordshire were arrested in connection with a ransomware attack that targeted children’s data from the Kido nursery chain.
Hackers are also beginning to integrate artificial intelligence (AI) into their operations, increasing both the scale and precision of their attacks. The NCSC noted that while the UK has not yet faced a cyber-attack fully initiated by AI, such threats are expected to pose serious challenges through 2027 and beyond.
Richard Horne, chief executive of the NCSC, said attackers are becoming more capable of causing direct harm to the organizations they target. “They don’t care who they hit or how they hurt them,” he said, urging stronger cyber risk management across all sectors.
Horne also highlighted the human and operational toll of UK cyber attacks. “I’ve sat in too many rooms with individuals who have been deeply affected by attacks against their organizations,” he said. “The disruption impacts staff, suppliers, and customers alike — bringing sleepless nights and prolonged uncertainty.”
The NCSC continues to advise companies to adopt proactive cybersecurity measures, including regular backups, employee training, and comprehensive UK cyber attacks response planning. Officials stress that cyber resilience must now be viewed as a core operational responsibility rather than a secondary concern.
As dependence on technology continues to grow, UK authorities warn that cyber threats are likely to evolve further — becoming faster, more automated, and more difficult to detect. The NCSC’s latest review underscores that national and organizational security now rely as much on digital defenses as on physical ones.
