In its yearly assessment, the National Cyber Security Centre reveals that three vendor vulnerabilities alone led to 29 serious incidents, as part of a broader increase in major attacks.
UK entities have been hit with more than 200 cyberattacks classed as being “nationally significant” in the past year – well over double the tally from the prior year.
The annual report from the National Cyber Security Centre reveals that, during the 12-month period that ended on 31 August, the intelligence agency received 1,727 tip-offs about cyber incidents – leading to a total of 429 being formally recorded and triaged. This overall volume of attacks is near-identical to the 430 figure recorded in 2024.
However, a far higher proportion this year have been classified as “nationally significant”, with 204 placed in this category – which includes attacks that pose a serious risk to the operations of one or more large businesses or public bodies. This compares with 89 last year.
In the 2025 reporting year, 18 incidents were recorded in the even higher severity grade of “highly significant”, equating to a rise of about 50% on the 2024 figure. These attacks, which are the second-most severe on the NCSC’s scale, include those which have “a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy”.
The UK has still not suffered a category-one “national cyber emergency” which, in the NCSC’s classification, is described as an attack which “causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life”.
Vulnerabilities in legacy systems were cited by the security agency as a key “contributing factor” in many serious incidents. The organisation pointed to three security advisory notes issued during the year – respectively released by Microsoft, Ivanti, and Fortinet – regarding vulnerabilities which “alone were associated with 29 incidents managed by the NCSC”.
In a world in which “cyber is being used by state and non-state actors to achieve their goals, and the overall cyber threat to the UK is growing from an already high level”, the need for cooperation between stakeholders has never been greater, according to the cyber intelligence agency, which is part of GCHQ.
“What is needed to operate in this environment are strategies to respond, deter and counter that are informed, context-aware and flexible,” the report says. “Understanding threat today is not just about detection; it is about outcompeting adversaries in insight and agility. We must be able to make sense of a complex, broad technical landscape at pace, and link this to geopolitical context, not least in understanding the intent of actors and our global exposure to them.”
It adds: “Recognising this places huge emphasis on collaboration. Not one of us holds a monopoly on information, though we each have unique data and insight. The ability to share what we can, understand and respond to an increasingly differentiated threat environment is what will give us a competitive and strategic advantage in a world that is increasingly trying to diminish that advantage. And that work should not just be in how we share insight and the data that underpins it, but also how we generate it too. In this world, as cyber security professionals we must be technically and politically literate, and able to collaborate rapidly, flex and respond to a level of threat that is beyond what we have seen before.”

