UK ‘Nationally Significant’ Cyberattacks Double to 204 - NCSC Annual Review Signals Imminent Economic Risk

The UK’s National Cyber Security Centre will report a record number of nationally significant cyber incidents between September 2024 and August 2025: 204 incidents, up from 89 in the prior period, with 18 rated ‘highly significant’—just below a national cyber emergency. NCSC staff were mobilized 429 times across all incidents. The review, tied to ministerial remarks, urges boards to treat cyber resilience as a business survival imperative. The government plans letters to FTSE 350 executives calling for concrete actions, referencing the prolonged disruption at Jaguar Land Rover (JLR) as an economic security issue—not merely a company outage. The review frames cyber risk as an imminent threat to national growth, with explicit messaging to “open your eyes to imminent risk to your economic security.” Following the event, the security minister plans engagement with large-cap representatives to elevate cyber to board-level responsibility. The data points crystallize a trend: more frequent and sophisticated hostile activity targeting British businesses and essential services. For enterprises, the takeaways are clear—board ownership, economic risk framing, and resilience investment are now public policy expectations as the UK aligns cyber posture with macroeconomic objectives and national resilience strategies.