Ministers and security officials call on all businesses to strengthen cyber resilience
- philviles
- 15 minutes ago
- 3 min read
Government ministers and national security leaders are calling on every organisation - from sole traders to multinational corporations - to take business resilience seriously, make use of free cybersecurity resources, and establish contingency plans in preparation for potentially devastating cyberattacks.
The National Cyber Security Centre (NCSC) has published its Annual Review, and the findings are far from reassuring.
For the year ending August 2025, the NCSC recorded the highest level of cyber threat activity since its founding nine years ago. Over the 12-month period, the agency responded to 204 nationally significant cyber incidents affecting the UK - more than double the 89 incidents reported the previous year.
Out of 429 total incidents handled by the NCSC, which operates as part of GCHQ, 18 were classed as “highly significant,” meaning they had the potential to seriously disrupt essential services. This represents a 50% increase compared with the previous year and marks the third consecutive annual rise in such cases.
According to the report, China, Russia, Iran, and North Korea continue to be the main sources of state-sponsored cyber threats. The surge in attacks has largely been fuelled by ransomware, with recent arrests revealing how criminal masterminds are recruiting and training young people to carry out these operations on their behalf.
In her foreword to the report, Anne Keast-Butler, Director of GCHQ, warned:
“This year, the impact of cyberattacks has become impossible to ignore. High-profile incidents affecting companies like Marks & Spencer, the Co-op Group, and Jaguar Land Rover highlight that cyber threats are not theoretical—they cause tangible harm to businesses’ bottom lines.”
To emphasise the need for urgent collective action, ministers, the NCSC, and the National Crime Agency (NCA) have sent an open letter to CEOs and board chairs of major UK firms, including every member of the FTSE 350. The letter warns that the growing scale, sophistication, and frequency of malicious cyber activity require an “urgent collective response” to safeguard both the economy and national security.
The letter highlights the tools and frameworks available to businesses and outlines three immediate steps that all organisations should take:
Adopt the government’s Cyber Governance Code of Practice, developed alongside industry leaders, to guide boards in managing cyber risk effectively.
Register for the NCSC’s free Early Warning Service, which alerts organisations to potential threats.
Ensure compliance with the Cyber Essentials standard across their own operations and supply chains.
Security Minister Dan Jarvis addressed business leaders and cyber security professionals at the launch of the NCSC’s Annual Review.
“Cybercrime poses a serious threat to our economy, businesses, and people’s livelihoods,” Jarvis said. “While we’re working tirelessly to counter these threats and support organisations of all sizes, we cannot do it alone. Business leaders must recognise the scale of the danger and treat cybersecurity as a top priority.”
The NCSC has also introduced a Cyber Action Toolkit, aimed at helping small businesses and sole traders implement essential security measures.
Dr Richard Horne, Chief Executive of the NCSC, added:
“The best defence is to make your organisation as hard a target as possible. Every business leader must act with urgency - hesitation creates vulnerability, and the future of their organisation depends on the steps they take now. The time to act is today.”
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
Comments