UK hit by record number of ‘nationally significant’ cyberattacks

A record number of “nationally significant” cyberattacks hit the United Kingdom last year, the National Cyber Security Centre (NCSC) is to announce on Tuesday as it publishes its annual review for 2024.

The cyber agency will reveal its staff were scrambled to assist with the response to 429 attacks between the beginning of September 2024 and the end of August this year. Of these, 204 were considered “nationally significant” — more than double the 89 in that category handled in the twelve months prior. 

Of these 204 incidents, 18 were categorized as “highly significant” which is the second-most severe rating in the agency’s categorization scale, just behind a national cyber emergency. These 18 attacks had “a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy.”

In response to this rise, the British government is also announcing on Tuesday it will be writing to the chief executives and chairs of the country's leading businesses to “take concrete actions” to protect their enterprises from attacks.

In the wake of the month-plus disruption to Jaguar Land Rover (JLR), the letter alerts industry that hostile cyber activity targeting British businesses has become “more intense, frequent and sophisticated.”

The attack against JLR was described as “more than a company outage” but “an economic security incident” by Lucas Kello, the director of the University of Oxford's Academic Centre of Excellence in Cyber Security Research. “If disruption drags on for weeks or months, it imperils the government’s central growth mission. How can Britain achieve ‘the highest sustained growth in the G7’ if its top exporting sector stalls?”

The NCSC’s Annual Review has been drafted to specifically reference this threat, with a subheading calling for the country to “open your eyes to imminent risk to your economic security.”

In his foreword to the review, the security minister Dan Jarvis will warn that “cybersecurity has never been more pivotal to our national security and our economic health.”

After delivering a speech at the NCSC’s annual review event, Jarvis is set to have a meeting with representatives from FTSE 350 companies to stress the need for them to make cyber resilience a board-level responsibility.

“While we work round the clock to counter threats and provide support to businesses of all sizes — we cannot do it alone,” he will say, according to prepared remarks. “We’re working with business leaders to ensure they recognise the scale of the threat and make cyber security a top priority.”

Richard Horne, the NCSC’s chief executive, will warn: “Cyber security is now a matter of business survival and national resilience. With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.

“The best way to defend against these attacks is for organisations to make themselves as hard a target as possible. That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.”