The National Cyber Security Centre (NCSC) reports a sharp escalation in ransomware and state-backed espionage, urging organisations to draw up urgent contingency plans for their “screens going blank” tomorrow
The United Kingdom’s cybersecurity apparatus is grappling with an unprecedented surge in hostile activity, with figures from the National Cyber Security Centre (NCSC) revealing that “highly significant” cyber-attacks rose by 50 per cent in the past year. The security services are now responding to a new nationally significant attack on average more than every other day.
In what officials have bluntly labelled a “call to arms,” national security leaders and government ministers are urgently imploring every organisation—from the smallest firm to the largest employer—to draft contingency plans for the eventuality that their “IT infrastructure [is] crippled tomorrow and all your screens [go] blank.”
The NCSC, which operates as part of GCHQ, detailed the primary state threats in its annual review published this week, naming “highly sophisticated” China, “capable and irresponsible” Russia, as well as Iran and North Korea. The overall spike in incidents, however, is being largely fuelled by ransomware attacks, frequently carried out by criminal actors seeking financial gain, exploiting society’s deepening dependence on technology.
In response to the growing intensity and sophistication of the threats, the Chancellor, Rachel Reeves, the Security Minister, Dan Jarvis, and the technology and business secretaries, Liz Kendall and Peter Kyle, have jointly written to leaders of the largest British companies. The letter urges them to elevate cyber-resilience to a board-level responsibility.
Anne Keast-Butler, the Director of GCHQ, delivered a direct warning: “Don’t be an easy target. Prioritise cyber risk management, embed it into your governance and lead from the top.”
The NCSC dealt with 429 cyber incidents in the year to September. Crucially, nearly half of these were classed as being of national significance, marking a doubling of such events over the past 12 months. Eighteen incidents were designated “highly significant,” indicating a serious impact on government operations, essential services, the mass population, or the economy. Most of these were ransomware incidents, including major attacks that severely affected Marks & Spencer and the Co-op Group.
Security Minister Dan Jarvis stressed that the government cannot tackle the issue alone. “Cybercrime is a serious threat to the security of our economy, businesses and people’s livelihoods,” he said. “While we work round the clock to counter threats and provide support to businesses of all sizes – we cannot do it alone.”
While the NCSC declined to comment on reports suggesting Russian involvement in the crippling attack on Jaguar Land Rover, which temporarily halted manufacturing, it confirmed that Russia is actively inspiring informal “hacktivists” who are targeting the UK, US, European, and Nato countries.
The total number of attacks in the year to September represented the highest level of cyber threat activity recorded by the NCSC in nine years. During the period, the UK and its allies exposed a Russian military unit carrying out cyber-attacks for the first time, issued guidance against a China-linked campaign targeting thousands of devices, and raised the alarm over cyber-actors working for Iran.
The threat is not solely international. Last week, two 17-year-olds were arrested in Hertfordshire over the alleged ransomware hack that stole children’s data from the Kido nursery chain, highlighting the homegrown and opportunistic nature of some cybercrime.