Cyber security in 2025: What you need to know from the NCSC Annual Review

Blog|by Leanne Bevan|23 October 2025

The National Cyber Security Centre (NCSC) has published its 2025 Annual Review - and it’s a wake-up call. From ransomware surges to AI-powered threats, the cyber landscape is shifting fast. Here’s what you need to know to stay ahead.

1. Cyber incidents are escalating fast

Between September 2024 and August 2025, the NCSC responded to 204 nationally significant cyber incidents - a 130% increase year-on-year. In total, 429 incidents required direct support out of 1,727 reports. So, the message is clear: cyber threats are growing in scale, complexity and impact.

2. Ransomware and nation-state attacks are on the rise

Ransomware remains the most disruptive threat, with high-profile attacks hitting Marks & Spencer, Co-op Group, and Jaguar Land Rover. Nation-state actors are also stepping up their game:

  • China: Flax Typhoon group
  • Russia: Authentic Antics malware
  • Iran: Targeting critical infrastructure
  • North Korea: Fake IT worker scams
These groups are deploying increasingly sophisticated tactics - making international cyber diplomacy and defence more vital than ever.

3. AI is changing the game - for better or worse

Artificial Intelligence and Large Language Models (LLMs) are now part of the cyber arms race. Attackers are using AI to automate and personalise phishing campaigns. Meanwhile, defenders are leveraging AI to boost detection and response. The NCSC is also preparing for post-quantum cryptography and next-gen digital identity frameworks.

4. Cyber security is a board-level priority

Cyber risk isn’t just an IT issue — it’s a strategic business concern. The NCSC is urging FTSE 100 and FTSE 250 companies to:
  • Sign up for the Early Warning service
  • Ensure suppliers meet Cyber Essentials standards
  • Treat cyber security as a boardroom issue, not a back-office task

 

5. Resilience is the new standard

Resilience engineering is now central to cyber defence. Key practices include:
  • Immutable backups
  • Disaster recovery testing
  • Cyber governance training for boards
Organisations with Cyber Essentials certification saw 92% fewer insurance claims - proof that proactive security pays off. And if that's something you're looking into, we recommend using CyberSmart for support with achieving and monitoring your compliance with the certification. As for backup, disaster recovery and awareness training, we've also got you covered - check out our cyber security solutions.

6. The financial fallout is real - but recoverable

The average cost of a cyber attack now exceeds £1 million. However, there’s good news: Q2 2025 saw a 27% drop in direct financial losses, suggesting that smarter response strategies are starting to make a difference.

How are you going to stay confident in the evolving cyber landscape?

The NCSC’s 2025 review is a clear signal: cyber threats are evolving, but so are our defences. By embracing AI, embedding cyber security into boardroom conversations, and investing in resilience, you can stay secure - and stay ahead.
And you don't have to do it alone - we can help you. Our free seven layers of security assessment highlights the seven fundamental areas of security you should have in place to build a fortress around your data and systems. Our experts will find gaps and offer tips on how you can remediate them. Book your appointment now - fill in the contact form below.
Stay informed. Stay secure. Stay confident.
23 October 2025 | Blog

Contact Grey Matter

If you have any questions or want some extra information, complete the form below and one of the team will be in touch ASAP. If you have a specific use case, please let us know and we'll help you find the right solution faster.

By submitting this form you are agreeing to our Privacy Policy and Website Terms of Use.

Previous post
Understanding the mission critical assets layer of cyber security
Next post
Migrating from Bing Maps to Azure Maps: Planning for 2028 and Beyond
LinkedIn
Author

Leanne Bevan

Vendor Marketing Manager at Grey Matter

Leanne has been part of our team for over a decade, and has worked as a vendor marketing manager for a number of our key vendors. Now with a keen focus on cyber security as well as developer technologies, Leanne continues to manage marketing across several vendors, including Embarcadero, Acronis, ESET, and more.

Related News

New designation unlocked: Microsoft Support Services

We’re excited to share that we’ve been awarded the Microsoft Support Services Designation, reserved for partners with a proven track record of delivering excellent customer outcomes through advanced technical support.  This achievement recognises our ability to deliver expert-led, high-quality services on behalf of Microsoft. With this designation, we’ve got the accreditation...

News|20 February 2026
Microsoft 365 Copilot for Security explained

In this episode of Grey Matter Talks Tech, host (and cyber security expert) Scott Harrison is joined by Microsoft 365 Solutions Specialist Olaitan Almaroof to explore the security features and business benefits of Microsoft 365 Copilot for Security.  What the...

Podcast|19 February 2026
Copilot Chat vs Microsoft 365 Copilot

Microsoft’s ongoing Copilot business promotion gives businesses like yours the chance to bring AI into your everyday with up to 35% off. But did you know: Copilot Chat is already included in your Microsoft 365 business subscription.  Copilot Chat is a great tool for brainstorming, researching and getting quick answers all in a standalone chat window. But...

Blog|19 February 2026
Why human layer security is or should be front of mind for businesses 

In an era of multi-million-pound AI-driven cyber defences, a startling truth remains: the most sophisticated “hack” doesn’t target a server – it targets a person. As we move through the mid-2020s, the human layer has become the primary battleground for global cyber security. And for businesses that want to stay resilient, strengthening it...

Blog|17 February 2026

Select Your Region

This content may not be available in your selected country.