“Highly significant” cyber-attacks rose by 50% in the past year and the UK’s security services are now dealing with a new nationally significant attack more than every other day, figures from the National Cyber Security Centre (NCSC) have revealed.
In what officials described as “a call to arms”, national security officials and ministers are urging all organisations, from the smallest businesses to the largest employers, to draw up contingency plans for the eventuality that “your IT infrastructure [is] crippled tomorrow and all your screens [go] blank”.
The NCSC, which is part of GCHQ, said “highly sophisticated” China, “capable and irresponsible” Russia, Iran and North Korea were the main state threats, in its annual review published on Tuesday. The rise is being driven by ransomware attacks, often by criminal actors seeking money, and society’s increasing dependence on technology which increases the number of hackable targets.
The chancellor, Rachel Reeves, the security minister, Dan Jarvis, and the technology and business secretaries, Liz Kendall and Peter Kyle have written to the leaders of hundreds of the largest British companies urging them to make cyber-resilience a board-level responsibility and warning that hostile cyber-activity in the UK has grown “more intense, frequent and sophisticated”.
“Don’t be an easy target,” said Anne Keast-Butler, the director of GCHQ. “Prioritise cyber risk management, embed it into your governance and lead from the top.”
NCSC dealt with 429 cyber incidents in the year to September and nearly half were classed as of national significance – more than doubling in the past year. Eighteen were “highly significant”, which means they had a serious impact on the government, essential services, the mass population or the economy. Most of those were ransomware incidents, including the attacks that significantly affected Marks & Spencer and the Co-op Group.
“Cybercrime is a serious threat to the security of our economy, businesses and people’s livelihoods,” said Jarvis. “While we work round the clock to counter threats and provide support to businesses of all sizes – we cannot do it alone.”
The NCSC declined to comment on reports that one line of investigation into the crippling attack on Jaguar Land Rover, which has halted manufacturing, is examining Russian involvement. It said Russia is inspiring informal “hacktivists” who are targeting the UK and the US, as well as European and Nato countries.
Overall, the number of attacks in the year to September represented the highest level of cyber threat activity recorded by the NCSC in nine years. Over the 12 month period, the UK and its allies uncovered a Russian military unit carrying out cyber-attacks for the first time, issued advice to counter a China-linked campaign targeting thousands of devices and raised the alarm over cyber-actors working for Iran, according to the NCSC. But the threat is also homegrown, and last week two 17-year-olds were arrested in Hertfordshire over the alleged ransomware hack of children’s data from the Kido nursery chain.
Hackers are also increasingly using artificial intelligence (AI) to sharpen their operations, and while the NCSC has yet to face an attack initiated by AI, it said: “AI will almost certainly pose cyber-resilience challenges to 2027 and beyond.”
“We do see our attackers improving their ability to cause real impact, to inflict pain on the organisations they have breached and those who rely on them,” said Richard Horne, the NCSC’s chief executive. “They don’t care who they hit or how they hurt them. That is why we need all organisations to act.”
He stressed the emotional impact of becoming a victim of cyber-attacks and said: “I’ve sat now in too many rooms with individuals who have been deeply affected by cyber-attacks against their organisations … I know the impact the disruption has on their staff, suppliers and customers, the worry, the sleepless nights.”
The best public interest journalism relies on first-hand accounts from people in the know.
If you have something to share on this subject, you can contact us confidentially using the following methods.
Secure Messaging in the Guardian app
The Guardian app has a tool to send tips about stories. Messages are end to end encrypted and concealed within the routine activity that every Guardian mobile app performs. This prevents an observer from knowing that you are communicating with us at all, let alone what is being said.
If you don't already have the Guardian app, download it (iOS/Android) and go to the menu. Select ‘Secure Messaging’.
SecureDrop, instant messengers, email, telephone and post
If you can safely use the Tor network without being observed or monitored, you can send messages and documents to the Guardian via our SecureDrop platform.
Finally, our guide at theguardian.com/tips lists several ways to contact us securely, and discusses the pros and cons of each.
