Five Key Takeaways from the NCSC Annual Report 2025

Need Help?

What this year's findings mean for UK Businesses and why action cannot wait

The NCSC’s 2025 report reveals record-high cyberattacks, escalating threats from state actors and ransomware, and urges all organisations to prioritise strong cybersecurity measures and board-level responsibility.

Here are the five most important insights from the NCSC’s 2025 Annual Report, distilled into clear, actionable takeaways:

1. Cyberattacks on the UK Are at Their Highest Level Ever
The NCSC recorded a 50% rise in highly and nationally significant attacks this year, including 204 nationally significant incidents, which is a huge leap from 89 the previous year. With more than 1,700 incident tips received and 429 requiring direct support, the data confirms what many suspected: cyber threats are escalating rapidly and relentlessly.

2. Threats Are Evolving and Expanding
New risks are emerging. AI misuse, the rise of malware-as-a-service, and the growing accessibility of hacking tools mean cybercrime is no longer reserved for experts. Critical national infrastructure also remains a high-value target, with low-skill attacks adding an unpredictable layer of risk.

3. The NCSC’s Message Is Clear: It’s Time to Act
Cyber resilience is now described as essential for “business survival and national resilience.” Organisations are urged to raise supplier standards through Cyber Essentials, sign up to the NCSC’s Early Warning service here, and consider cyber insurance as part of their security toolkit.

4. Cybersecurity Must Be a Boardroom Priority
The report reinforces that cybersecurity can no longer sit solely with technical teams. Boards are expected to set the strategy, oversee implementation, and prepare for upcoming requirements in the Cybersecurity and Resilience Bill. Governance, not just technology, is now central to cyber defence.

5. High-Profile Attacks Are a Wake-Up Call for All Businesses
Incidents affecting Co-op, Harrods, M&S, Jaguar-Land Rover and others have shifted public and business attitudes. The government wants to take action – Cyber basics and Cyber Essentials certification are now the minimum baseline for operating safely in 2025 and beyond.

Now is the time for organisations of every size to strengthen their defences and take proactive steps to stay secure. Contact CSCM today to find out how we can back your business.

Nov

Use Technology As Your Secret Weapon

Oct

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.