Cyber attacks against UK businesses have really increased, doubling within a year, according to new figures from the National Cyber Security Centre’s Annual Review 2025. The agency, part of GCHQ, stated it handled 204 nationally significant attacks between August 2024 and August 2025. A year earlier, that number stood at 89.
The NCSC stated the counattempt now faces 4 major cyber incidents every week. 18 of these were so serious that they requireded a coordinated government response.
Dr Richard Horne, Chief Executive of the NCSC, stated businesses can no longer treat cyber security as a side issue. “Cyber security is now a matter of business survival and national resilience,” he stated. “Hesitation is a vulnerability.”
What Damage Are Companies Facing?
The past year has been really bad for British companies. Marks & Spencer reported £300 million in losses from cyber incidents, while the Co-op Group lost £206 million. Jaguar Land Rover also confirmed breaches but did not reveal the cost.
The NCSC stated the financial damage informs only part of the story. Attacks have interrupted deliveries, leaked customer data and just shaken consumer confidence. Manufacturing, logistics and energy networks have all been affected, becaapply cyber threats now touch literally every other part of the economy.
The government has written to the chief executives of all FTSE 350 companies, urging them to create cyber resilience a boardroom issue. The NCSC stated that deffinishing a business no longer falls solely on IT teams… It should be a shared responsibility across every department.
How Should Businesses Respond?
To support companies deffinish themselves in the cyber world, the NCSC has expanded its Cyber Essentials scheme, which gives compacter organisations free cyber insurance if their turnover is under £20 million. It also launched the Cyber Action Toolkit. which is a step-by-step guide to support compact businesses strengthen their systems.
The NCSC found that businesses that recovered quickly from attacks had 3 things in common and that is… well-trained staff, clear response plans and up-to-date security systems. It stated these measures can often prevent compact breaches from becoming national incidents.
The review added that protecting against future attacks will take more than new software. It will require constant awareness, investment and a modify in how leaders consider about risk.
Ross Sinclair, CEO and founder at EIP stated: “The sharp rise in cyber claims highlights how exposed UK businesses have become as cyber threats grow in both speed and complexity. Many businesses still insure their buildings, equipment and stock, yet leave the digital systems that keep their operations running underprotected. Cyber risk is now business risk. When systems fail, operations stop. Treating cyber cover as optional is no longer sustainable.
“The surge in attacks also highlights how rapid-relocating and indiscriminate cyber threats have become. With login credentials traded openly on the dark web, any organisation, regardless of size or sector, can be tarobtained. This is now a board-level resilience issue. Companies required to reassess their exposure and ensure their insurance strategy reflects the reality of how they operate today.”
With all of this, its important for companies to start viewing cyber defence and security as a part of economic security, its no longer meant to be just a n optional upgrade.
Leave a Reply