CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

UK NCSC Reports Significant Increase in Nationally Significant Cyber Incidents

First reported
Last updated
1 unique sources, 4 articles

Summary

Hide ▲

The UK’s National Cyber Security Centre (NCSC) reported 204 nationally significant cyber incidents between September 2024 and August 2025, a 130% increase from the previous year. Recent high-profile attacks on Marks & Spencer, the Co-op Group, and Jaguar Land Rover highlighted the real-world impact of cyber threats. The NCSC emphasized the need for urgent action from business leaders to enhance cybersecurity defenses. The NCSC's 2025 Annual Review included a letter from the CEO of the Co-op Group, emphasizing the responsibility of senior leaders in protecting their businesses. The NCSC launched the Cyber Action Toolkit to help small organizations improve their cyber defenses. Additionally, the NCSC issued an alert to critical national infrastructure (CNI) providers about severe cyber threats targeting CNI, following coordinated cyber-attacks on Poland's energy infrastructure in December. NCSC CEO Richard Horne warned that SMEs are wrong to assume they won't be targeted by cyber-attacks and urged them to adopt Cyber Essentials certification to protect against common cybersecurity threats.

Timeline

  1. 10.02.2026 13:50 1 articles · 7d ago

    NCSC Issues Alert on Severe Cyber Threats to Critical Infrastructure

    The NCSC issued an alert to critical national infrastructure (CNI) providers about severe cyber threats targeting CNI, following coordinated cyber-attacks on Poland's energy infrastructure in December. Jonathan Ellison, NCSC director for national resilience, urged CNI operators to act now to protect against similar campaigns targeting UK critical infrastructure. The NCSC provided advice on monitoring threats, increasing situational awareness, and hardening network defenses. The NCSC also highlighted the Cyber Security and Resilience Bill as a critical step in managing the UK's collective vulnerability against cyber threats.

    Show sources
    Open in new tab
  2. 14.10.2025 11:45 3 articles · 4mo ago

    NCSC Reports 204 Nationally Significant Cyber Incidents in 2024-2025

    The UK government has urged senior executives to better prepare for cyber-attacks, noting that cybersecurity has been a concern for middle management for too long. The NCSC's 2025 Annual Review included a letter from the CEO of the Co-op Group, emphasizing the responsibility of senior leaders in protecting their businesses. The review noted that 18 of the 204 nationally significant cyber incidents were highly significant. The NCSC also highlighted the slow uptake of the Cyber Essentials certification scheme, with only 39,790 businesses certified out of 5.5 million in the UK. The NCSC launched the Cyber Action Toolkit, a free, personalized cybersecurity solution toolset designed to help small organizations and sole traders improve their cyber defenses. NCSC CEO Richard Horne warned that SMEs are wrong to assume they won't be targeted by cyber-attacks and urged them to adopt Cyber Essentials certification to protect against common cybersecurity threats.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Global Agencies Release OT Network Security Guidance

The US Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), the Federal Bureau of Investigation (FBI), and international partners have released a new set of security principles aimed at securing operational technology (OT) environments. The guidance addresses the growing risks associated with insecure connectivity in systems that support essential services, providing a framework to help organizations design and manage secure connectivity in OT networks. The document emphasizes the importance of embedding security into network design from the outset to reduce exposure to both highly capable and opportunistic adversaries, including nation-state actors. It highlights the increased interconnection between industrial systems and enterprise networks, which has improved efficiency but expanded the attack surface for cyber threat actors. The guidance was developed in collaboration with multiple international cybersecurity agencies, including ASD’s ACSC, Cyber Centre, BSI, NCSC-NL, and NCSC-NZ. CISA urges OT device manufacturers and integrators to embrace secure-by-design principles to reduce risk and safeguard critical systems.

Open in new tab

Attackers Optimize Traditional TTPs with AI in 2025

In 2025, attackers continued to leverage traditional techniques such as supply chain attacks and phishing, but with increased efficiency and scale due to AI advancements. The Shai Hulud NPM campaign demonstrated how a single compromised package can affect thousands of downstream projects. AI has lowered the barrier to entry for cybercriminals, enabling lean teams or even individuals to execute sophisticated attacks. Phishing remains effective, with one click potentially compromising large-scale systems. Malicious Chrome extensions bypassing official stores highlight the ongoing challenge of automated reviews and human moderators keeping pace with attacker sophistication.

Open in new tab

NCSC Releases Playbook to Embed Cyber Essentials in Supply Chains

The UK's National Cyber Security Centre (NCSC) has released a playbook urging businesses to integrate Cyber Essentials (CE) into their supply chains. The playbook provides a seven-step guide to help organizations embed CE, including understanding supply chain risks, defining supplier security profiles, and incentivizing CE adoption. The NCSC also highlighted the availability of free cyber-liability insurance for businesses with a turnover under £20m that are CE certified. The playbook emphasizes the importance of securing supply chains, as only 14% of firms are aware of the potential risks posed by their immediate suppliers. The NCSC noted that 43% of organizations suffered a cyber-attack in the past year, underscoring the need for improved baseline security postures.

Open in new tab

Pro-Russia Hacktivists Target Critical Infrastructure with Low-Sophistication Attacks

Pro-Russia hacktivist groups are conducting opportunistic, low-sophistication cyberattacks against U.S., UK, and global critical infrastructure. These attacks target a wide range of sectors, including water treatment facilities, food production, energy systems, and local government bodies, using easily repeatable methods. The groups exploit minimally secured, internet-facing virtual network computing (VNC) connections to gain unauthorized access to operational technology (OT) control devices. The joint advisory from CISA, FBI, NSA, and global partners, along with a recent warning from the UK National Cyber Security Centre (NCSC), urges immediate action to mitigate these threats. The advisory highlights the use of basic methods to target supervisory control and data acquisition (SCADA) networks, sometimes combined with DDoS attacks. The cumulative impact of these activities poses a persistent and disruptive threat to essential services. According to a new report, groups such as Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), and Sector16 are using simple reconnaissance tools and common password-guessing techniques to reach internet-facing human-machine interfaces. These groups have led to physical impacts in some cases, including temporary loss of view and costly manual recovery efforts. The NCSC warns of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the UK with disruptive denial-of-service (DDoS) attacks. The NCSC notes that NoName057(16) operates the DDoSia project, a platform that allows volunteers to contribute computing resources to carry out crowdsourced DDoS attacks and receive monetary rewards or recognition from the community. Operation Eastwood disrupted NoName057(16)'s activity in mid-July 2025 by arresting two members of the group, issuing eight arrest warrants, and taking down 100 servers. Despite these efforts, the group has returned to action, highlighting the evolving threat they pose. Recent developments indicate that attackers are growing more interested in and accustomed to dealing with industrial machines, potentially leading to more sophisticated OT attacks. Ric Derbyshire, principal security engineer at Orange Cyberdefense, will demonstrate 'living-off-the-plant' attacks at the RSA Conference 2026, which require a holistic understanding of the physical process, OT systems, network architecture, security controls, and human interactions.

Open in new tab

SOC Challenges and AI-Driven Solutions for 2026

Security Operations Centers (SOCs) face escalating challenges due to AI-driven threats, increasing alert volumes, and the need to demonstrate ROI. Evasive threats are becoming more sophisticated, alert fatigue is burning out Tier 1 analysts, and financial leaders demand measurable security investments. Solutions like interactive malware analysis and actionable threat intelligence are critical to address these issues before 2026.

Open in new tab