Comments on NCSC 2025 review

by Mark Rowe

CEO Richard Horne has unveiled the National Cyber Security Centre’s (NCSC) ninth Annual Review, titled ‘It’s time to act’.

He said that the NCSC has dealt with four nationally significant incidents a week; and 18 over the year to August 2025 were classed as ‘highly significant’, attacks which have a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy; ‘a marked increase for the third consecutive year’.

He said that while organisations have built good defences, and the NCSC is also seeing more organisations able to continue in the face of an attack that does break through, ‘we do see our attackers improving their ability to cause real impact…to inflict pain on the organisations they have breached and those who rely on them’.

Resilience

Peter Connolly, CEO at the security consultancy Toro Solutions, says that the NCSC is right to highlight the importance of resilience beyond cyber controls. He says: “Modern attackers don’t just target systems; they exploit people, processes, supply chains, and physical assets, often all at once. No single system or team can stand alone. True resilience only works when cyber, physical and people security are connected and tested together. It’s not enough to have a plan on paper; you need to rehearse it, stress test it and make sure teams know how to respond when things go wrong. The goal isn’t to be unbreakable, it’s to be able to bend, recover and keep operating when disruption hits.”

You’re a target

Richard Ford, Chief Technology Officer at Integrity360, says that one thing is clear – it doesn’t matter how large your organisation is – you are at risk, and sooner or later, cyber criminals will attempt to target you. He says: “It’s not a matter of whether your organisation will face a security incident, but when. That’s why having a robust incident response plan is crucial for any business.

“Once an incident is identified, containment becomes the first priority. Your plan should include procedures for both immediate and long-term containment, such as isolating affected systems or updating security protocols. The plan must detail how to find the root cause of an incident and eliminate it. Additionally, it should also outline the steps required to restore and validate system functionality for business operations to resume.

“The effectiveness of an incident response plan can be measured through regular testing, such as tabletop exercises or live drills, to ensure team readiness. Metrics such as the time to detect, respond to, and recover from incidents offer valuable insights into the plan’s effectiveness. Continuous improvement – driven by these metrics and feedback from post-incident reviews – is essential for maintaining a strong incident response capability.”

CyberUp call

The CyberUp Campaign seeks an update to the UK’s Computer Misuse Act 1990 (CMA for short), which it complains is outdated. A spokesperson for the campaign said that the NCSC Annual Review rightly pushes for improved resilience and underlines the vital role the cyber security industry and its researchers play in delivering it. “We welcome the review’s practical focus and the support for those on the front line.

“As the NCSC has recognised previously, we must move with pace to update crucial UK cyber laws like the Computer Misuse Act (CMA) so that the UK has all the tools it needs to tackle emerging cyber threats. The CMA, written before the modern internet, is preventing cyber defenders from conducting the vital research needed to understand threats and expose and report vulnerabilities.

“Without urgent CMA reform — including a clear statutory defence for legitimate cyber security activity — businesses, public services and citizens will remain exposed. After a year of increasingly disruptive major cyberattacks, the UK must put itself on the best possible footing to face these threats.

“The UK has the talent and the ambition — now we need the law to match. CyberUp stands ready to work with Government to deliver a modern legal framework that protects the public and empowers those who keep us safe online.”
