British Govt Agents Demand Action After Uk Mega Cyberattacks Surge 50%

Cyberattacks that meet upper severity thresholds set by the UK government’s cyber agents have risen 50 percent in the last year, despite almost zero change in the volume of cases handled.

GCHQ’s cyber arm, the National Cyber Security Centre’s (NCSC), said in its annual review published today that its incident management team handled 429 cyberattacks on organizations in the past 12 months, one fewer than the same reporting period in last year’s review.

However, the number of nationally significant attacks stood at 204, a 48 percent increase year on year, and the number of highly significant attacks stood at 18, a 50 percent increase on last year – the third marked increase in as many years.

The NCSC has six categories of attacks, ranked in DEFCON style:

• Category 1 – National cyber emergency: Attacks that cause sustained disruption to critical services or impact national security. These demand a cross-government response, with senior ministers and law enforcement working together. NCSC advises on incident response.
• Category 2 – Highly significant incident: Attacks have a serious impact on central government, essential services, and a large population of the UK. NCSC leads the response.
• Category 3 – Nationally significant incident: Used to be called just a “significant incident,” these attacks strike a large organization and carry a risk of impacting essential services. NCSC leads the response.
• Category 4 – Substantial incident: Attacks that have a serious impact on a medium-sized organization, or those that pose a considerable risk to a large one. NCSC or law enforcement leads the response.
• Category 5 – Moderate incident: An attack on a small organization that could impact a larger one. Law enforcement leads the response.
• Category 6 – Localized incident: An attack on an individual, or one that could shape into an attack on an SMB. Local police lead the response.

NCSC chief exec Richard Horne said: “Cybersecurity is now a matter of business survival and national resilience. With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50 percent rise in highly significant attacks compared to last year, our collective exposure to serious impacts is growing at an alarming pace.

“The best way to defend against these attacks is for organizations to make themselves as hard a target as possible. That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.”

The prevailing message from the NCSC’s report is that UK organizations lack the urgency around implementing measures that could improve their resilience to cyberattacks.

People close to the matter believe many business and technical leaders in the UK are knowledgeable enough and understand what needs to be done, but it just isn’t being enacted quickly enough.

In a speech scheduled for later today, Horne will allude to an open letter penned by Co-op’s CEO, Shirine Khoury-Haq, which reminded others in similar shoes that nothing can prepare a company’s top brass for the dreaded call informing them of an attack.

He will say that it’s even worse receiving that call when the organization does not have a plan in place to manage the widespread disruption and business continuity.

Hammering home the theme of urgency, Horne will add: “So, the time to act is now. Every leader, whether you’re one person at your kitchen table or the boss of thousands of people, you must have a plan to defend against criminal cyberattacks and you must have a plan for continuity. You must know how to keep going should a cyberattack get through.

“If your IT infrastructure was crippled tomorrow and all your screens went blank, could you run your payroll systems, or keep your machinery working, or stock your shelves?

“If the answer is ‘no,’ or more likely ‘don’t know,’ act now. Because when an attack does break through, it is the strength of these pre-engineered solutions that determines an organization’s ability to endure, respond, rebuild, and survive.”

The report opens by referencing the cyberattacks on UK household names. The NCSC doesn’t name them, but the issues at M&S, Co-op, and Jaguar Land Rover are so well-known that it makes little sense to tiptoe around them.

Empty shelves and silent production lines defined the UK’s year in cybersecurity in 2025, and the cybersecurity agency said these recent attacks, among others, “must serve as a wake-up call” for orgs of all sizes.

CEOs, you’ve got mail

Senior ministers are writing to the leaders of all FTSE 100 and FTSE 250 companies this week, as well as “a number of other leading UK firms,” imploring them to heed the NCSC’s advice.

As well as echoing the main takeaways of the NCSC’s review, they issue three requests in support of the agency’s urgency goals, with the top one addressing business culture.

Ministers want cyber risk to be a board-level priority. This builds on a similar call made by the NCSC, which urges organizations not to treat cybersecurity as a matter purely for technical teams.

The letter will also ask business leaders to sign up to the NCSC’s Early Warning service, which is free for all. All that’s required is for a business provide its public IPs and domains, and the NCSC will send alerts if it detects possible malicious activity targeting an org’s network.

Ministers also asked the UK’s top companies to demand that their suppliers meet the requirements set out by the NCSC’s Cyber Essentials standard.

The agency claims those that meet the Cyber Essentials mark are 92 percent less likely to make a claim on their cyber-insurance policy, and when every link in the supply chain is secure, it lessens the likelihood of an upstream or downstream attack on others, too.

“We are encouraged to see that more than 90 percent of company boards now recognize cybersecurity as a critical priority,” said the letter signed by secretaries of state, Horne, and NCA chief Graeme Biggar.

“We now need to convert this priority into concrete actions to fully address vulnerabilities and enhance resilience, and invite you to work with us to protect our economy and society.” ®

Original Source