The UK National Cyber Security Centre (NCSC) has reported a dramatic increase in the number of “nationally significant” cyber incidents, with over 200 such incidents managed from September 2024 to May 2025. This figure represents twice the number of incidents compared to the same timeframe last year, according to NCSC CEO Richard Horne during his keynote address at the CYBERUK conference in Manchester.
The NCSC categorizes nationally significant cyber events as those with a substantial impact on the UK, affecting medium-sized organizations or posing considerable risks to larger entities and government operations. The rise in incidents aligns with confirmed ransomware attacks impacting major UK retailers like Marks & Spencer, Harrods, and Co-op, which have faced operational disruptions due to these threats.
During the conference, Chancellor of the Duchy of Lancaster, Pat McFadden, highlighted alarming statistics from the NCSC’s 2024 Annual Review, revealing nearly 2,000 reports of cyber-attacks last year, with 89 classified as nationally significant, including 12 critical incidents. This marked a threefold increase in severe attacks compared to 2023, escalating concerns about the continuing threats posed by malicious cyber activities.
In addition, Horne underscored that hostile nation-states operate within a “grey zone” that exists between peace and war, using cyber-attacks to achieve disruptive objectives while maintaining plausible deniability. He identified China as the primary threat to the UK cyber landscape, with the Chinese Communist Party leveraging vast capabilities. The NCSC has also noted increased cyber espionage activities from Russia, particularly as geopolitical tensions rise concerning Ukraine, demonstrating a worrying convergence of cyber and physical attacks against UK interests.
As ransomware continues to be a persistent risk, Horne supports the Home Office’s proposed ban on ransom payments in the public sector, asserting the need for a future where paying ransoms is not an option. He described the threat of ransomware as possibly the most pressing challenge the UK faces in cybersecurity today.