UK Faces Surge in Cyber-Attacks as State-Backed Threats Intensify
The UK’s cybersecurity landscape has grown increasingly volatile, with "highly significant" cyber-attacks rising by 50% over the past year, according to the National Cyber Security Centre (NCSC). The agency, part of GCHQ, now responds to a nationally significant attack more than every other day a sharp increase driven by ransomware, state-sponsored threats, and the expanding digital attack surface.
In its annual review, the NCSC identified China, Russia, Iran, and North Korea as the primary state-backed adversaries, with Russia described as "capable and irresponsible" and China as "highly sophisticated." The report highlights a surge in ransomware incidents, often carried out by criminal groups, alongside state-aligned hacktivism. Over the past year, the NCSC handled 429 cyber incidents nearly half classified as nationally significant including 18 "highly significant" attacks that disrupted government operations, essential services, or the economy. Victims included major retailers like Marks & Spencer and the Co-op Group.
Government officials, including Chancellor Rachel Reeves and Security Minister Dan Jarvis, have urged businesses of all sizes to treat cyber-resilience as a board-level priority, warning that hostile activity has become "more intense, frequent, and sophisticated." GCHQ Director Anne Keast-Butler emphasized the need for proactive risk management, stating, "Prioritise cyber risk management, embed it into your governance, and lead from the top."
The NCSC also noted the growing role of artificial intelligence in cyber threats, predicting that AI will "almost certainly pose cyber-resilience challenges" through at least 2027. While no AI-initiated attacks have been confirmed, adversaries are already leveraging the technology to refine their tactics. Meanwhile, Russia’s influence extends beyond state operations, inspiring hacktivist groups targeting the UK, US, and NATO allies. Recent disruptions such as the cyber-attack on Jaguar Land Rover, which halted manufacturing, and the airport outages affecting London Heathrow underscore the real-world consequences of these threats.
Domestic cybercrime remains a concern as well. Last week, two 17-year-olds were arrested in Hertfordshire over an alleged ransomware attack on the Kido nursery chain, exposing children’s data. NCSC CEO Richard Horne warned of the emotional toll on victims, noting, "I’ve sat in too many rooms with individuals deeply affected by these attacks the worry, the sleepless nights, the disruption to staff, suppliers, and customers."
With the UK recording its highest level of cyber threat activity in nine years, the NCSC’s findings signal a critical shift in the severity and frequency of digital attacks, demanding heightened vigilance across sectors.
Marks & Spencer TPRM report: https://www.rankiteo.com/company/marks-and-spencer
Jaguar Land Rover TPRM report: https://www.rankiteo.com/company/jaguar
Co-op Group TPRM report: https://www.rankiteo.com/company/co-operatives-uk
"id": "marco-jag1771151062",
"linkid": "marks-and-spencer, co-operatives-uk, jaguar",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'retail',
'location': 'UK',
'name': 'Marks & Spencer',
'type': 'retailer'},
{'industry': 'retail',
'location': 'UK',
'name': 'Co-op Group',
'type': 'retailer'},
{'industry': 'automotive',
'location': 'UK',
'name': 'Jaguar Land Rover',
'type': 'manufacturer'},
{'industry': 'aviation',
'location': 'UK',
'name': 'London Heathrow Airport',
'type': 'airport'},
{'customers_affected': True,
'industry': 'childcare',
'location': 'UK',
'name': 'Kido nursery chain',
'type': 'education'}],
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['children’s data',
'personally identifiable '
'information']},
'description': 'The UK’s cybersecurity landscape has grown increasingly '
"volatile, with 'highly significant' cyber-attacks rising by "
'50% over the past year. The NCSC handled 429 cyber incidents, '
"including 18 'highly significant' attacks disrupting "
'government operations, essential services, or the economy. '
'State-backed adversaries include China, Russia, Iran, and '
'North Korea, alongside ransomware and hacktivism threats. '
'Victims included major retailers like Marks & Spencer and the '
'Co-op Group, as well as Jaguar Land Rover and London '
'Heathrow.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'downtime': True,
'identity_theft_risk': True,
'operational_impact': ['halted manufacturing', 'airport outages'],
'systems_affected': ['government operations',
'essential services',
'retail',
'manufacturing',
'aviation']},
'lessons_learned': 'Cyber-resilience must be treated as a board-level '
'priority, with proactive risk management and governance '
'embedded at the highest levels. The emotional and '
'operational toll of cyber-attacks on victims is '
'significant.',
'motivation': ['geopolitical', 'financial gain', 'disruption'],
'post_incident_analysis': {'corrective_actions': ['prioritize cyber risk '
'management',
'embed governance',
'enhance vigilance'],
'root_causes': ['state-backed threats',
'ransomware',
'hacktivism',
'expanding digital attack '
'surface']},
'recommendations': 'Businesses of all sizes should prioritize cyber risk '
'management, embed it into governance, and lead from the '
'top. Enhanced vigilance and preparedness are critical '
'given the rising threat landscape.',
'references': [{'source': 'National Cyber Security Centre (NCSC) Annual '
'Review'}],
'response': {'law_enforcement_notified': True},
'stakeholder_advisories': 'Government officials urge businesses to treat '
'cyber-resilience as a priority, warning of '
'intensified hostile activity. GCHQ Director '
'emphasizes proactive risk management.',
'threat_actor': ['China',
'Russia',
'Iran',
'North Korea',
'criminal groups',
'hacktivist groups'],
'title': 'UK Surge in Cyber-Attacks by State-Backed Threats',
'type': ['ransomware', 'state-sponsored', 'hacktivism']}