“Nationally significant” cyber incidents are increasing at an alarming rate

Five key takeaways from the NCSC Annual Review and what they mean for your business.

The National Cyber Security Centre (NCSC) has just released its 2025 Annual Review and the findings within this 100-page document make for an alarming read.

One of the starkest takeaways from the 2025 NCSC Annual Review is the scale of the cyber incidents the organisation handled this year. Between September 2024 and August 2025 there were 204 “nationally significant” cyber incidents – an increase of 130% on the previous year. This means 4% of all recorded attacks disrupted government services, the economy or national infrastructure.

The report also highlights new areas of concern, including post-quantum encryption, digital identity protection and supply chain security. In addition, it emphasises the prevalence of artificial intelligence being used to automate attacks, write more convincing phishing messages and conceal hackers’ movements.

It also emphasises the dangers of businesses using outdated software or ignoring essential updates, and the ease with which hackers are exploiting these vulnerabilities.

Reacting to this review, Workflo Solutions’ managing director Michael Field commented; “The release of the 2025 NCSC Annual Review is aptly timed to coincide with large-scale cyber attacks sadly hitting the headlines once again. Within the past few weeks alone, LNER confirmed it fell victim to a serious data breach, and Capita was ordered to pay £14million after the personal data of 6.6 million people was stolen. All businesses are at risk, so all business need to take swift action to protect their networks, systems, data and assets.”

To that end, the digital experts at Workflo Solutions offer five key recommendations to help keep businesses safe in this ever-evolving digital landscape:

1. Make cybersecurity a leadership priority Assign a senior leader to oversee cyber strategy, include cybersecurity in board meetings and risk reviews, and track metrics like incident response time and patch compliance.

2. Get the basics right Keep software updated and patched, enable multi-factor authentication everywhere, regularly back up important data and test recovery.

3. Improve visibility Use a Security Information and Event Management (SIEM) tool to detect unusual activity, review access logs and privilege levels, and set alerts for suspicious logins or device changes.

4. Prepare for incidents Build a simple incident response plan, run simulation exercises for your team, and know who to contact (for example NCSC, ICO, legal and PR) if an attack occurs.

5. Join the ecosystem Subscribe to NCSC Early Warning alerts, use the Cyber Action Toolkit for small business support, and partner with a trusted managed cybersecurity provider for ongoing protection.

“Given the sheer scale of the problem and what’s at stake, businesses need to make cyber security a top priority. Failure to do so could prove catastrophic for some. We hope the latest NCSC review and our recommended responses prove helpful in the continuing battle against cyber crime.” added Field.