Businesses of all sizes have been told to introduce protections against cyber attacks following a 50% rise in major incidents against British companies and organisations.
The National Cyber Security Centre (NCSC) said it dealt with 204 “nationally significant” cyber attacks against the UK in the 12 months to August 2025, a sharp increase from 89 in the previous year.
These are incidents which have a substantial impact on the UK’s national security, economy or critical infrastructure, including threats to essential services, sensitive data, or key government functions.
Marks and Spencer, Co-op, and Jaguar Land Rover are among the household names that have been targeted by cyber criminals this year and suffered significant disruption and costs.
M&S forecast it will lose around £300 million in operating profit, Co-op lost £206 million in sales and Jaguar has been predicted to lose up to £2 billion.
But it’s not just large firms that are at risk.
In the foreward to NCSC’s annual review, CEO Richard Horne said: “The new normal is that cyber criminals will target organisations of all sizes, operating in any sector.
“From local coffee shops to providers of critical national infrastructure, every organisation must understand their exposure, build their defences and have a plan for how they would continue to operate without their IT (and rebuild that IT at pace) were an attack to get through.”
A letter signed by technology secretary Liz Kendall, chancellor Rachel Reeves, business secretary Peter Kyle and security minister Dan Jarvis has been sent to the CEOs of the UK’s largest 350 companies urging them to to protect their businesses and the wider economy from cyber attacks.
“Hostile cyber activity in the UK is growing more intense, frequent and sophisticated,” the letter said.
“This is causing significant financial and social harm to UK businesses and citizens. There is a direct and active threat to our economic and national security which requires an urgent collective response.
“Recent high-profile cyber incidents show how attacks can seriously disrupt operations and damage profitability. In this increasingly hostile landscape, organisations recover better from incidents when they have planned for the worst and rehearsed their business continuity and recovery.”
Cyber security help for small businesses
The NCSC has also launched the Cyber Action Toolkit, a free resource to help sole traders and small businesses put in place the basic cyber security measures against the most common cyber threats.
In addition, businesses have been urged to implement the Cyber Essentials certification scheme, which includes automatic cyber liability insurance for any UK organisation with an annual turnover of less than £20 million.
Richard Horne said: “Cyber security is now a matter of business survival and national resilience.
“With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.
“The best way to defend against these attacks is for organisations to make themselves as hard a target as possible.
“That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.”
Cyber security advice for small businesses
Cyber security compliance: What you need to know
Five tips to mitigate cyber-attacks in your business
The password combinations most likely to get you hacked
Should businesses negotiate with ransomware criminals?