The UK’s National Cyber Security Centre (NCSC) has issued one of its starkest warnings yet: major cyberattacks targeting British organisations have surged by 50% over the past year.
In it’s newly published Annual Review 2025, the NCSC reports that the UK is now experiencing a nationally significant cyber incident roughly every other day – the highest level of malicious activity recorded in nearly a decade. Officials attribute the rise to the UK’s deepening reliance on digital systems and a sharp increase in ransomware activity aimed at disrupting business operations for financial gain.
The government has responded with what it calls a “call to arms”, urging organisations to strengthen their defences, improve recovery planning and treat cyber resilience as a board-level priority.
The changing nature of the threat
At the review’s launch event in London this week, NCSC Chief Executive Richard Horne described cyber security as “a matter of business survival and national resilience”. Senior ministers, including Chancellor Rachel Reeves and Security Minister Dan Jarvis, echoed that message, calling on business leaders to take direct ownership of their organisation’s preparedness.
Jarvis warned that cybercrime continues to pose “a serious threat to the security of our economy, businesses, and people’s livelihoods”, stressing that government cannot fight this battle alone.
The report also highlights the growing role of artificial intelligence (AI) in cybercrime. The NCSC predicts that AI-enhanced attacks will “almost certainly pose cyber-resilience challenges to 2027 and beyond”, warning that automation and generative technologies are already making attacks faster, more adaptive, and harder for traditional security monitoring to detect.
Experience from the frontline
For Zenzero and its cyber security division, Zensec, these warnings reflect what we’ve seen first-hand. Over the past year, Zensec has worked on more than 113 incidents on behalf of the NCSC, supporting affected organisations in the most critical moments of recovery.
That experience provides a rare view into how the threat landscape is evolving – and how quickly incidents can escalate from disruption to full-scale crisis. From manufacturing to local government, we’re seeing attacks that halt operations, compromise data, and threaten continuity in ways that ripple far beyond IT systems.
The lesson is clear: prevention remains vital, but true resilience depends on readiness. Having the ability to recover quickly – with trusted partners who understand the technical and operational pressures of an active incident – is now essential.
We’re also seeing the growing importance of Security Operations Centre (SOC) capability – the ability to detect, analyse and respond to emerging threats in real time, often using AI-driven analytics to spot anomalies before they escalate.
Preparing for what comes next
The NCSC’s findings underline an uncomfortable truth: cyberattacks are no longer isolated or exceptional events. They are part of the operating environment every organisation now faces.
While technology continues to advance, resilience ultimately depends on people and planning. Every organisation should be reviewing its incident response procedures, testing its recovery processes, and understanding exactly how it would operate under sustained cyber pressure.
For Zenzero, this is about helping UK organisations prepare for that reality with confidence combining our experience from hundreds of real-world incidents with a focus on practical, business-led resilience.
Organisations can no longer treat cyber threats as hypothetical. If you haven’t reviewed your incident response and recovery processes this year, now is the time to act. Strengthen your resilience, test your plans, and make sure you’re ready for the next major incident. Get in touch with us – we’re here to help you prepare, respond, and recover with confidence.