Joseph Jarnecki responds to the National Cyber Security Centre's annual review showing a sharp rise in 'nationally significant' breeches

'The 2025 NCSC Annual Review offers a snapshot of the UK's cyber security posture — and is a reminder of how much remains to be done. 'Highly significant’ incidents – where incidents have a 'serious impact' on government, people or the economy – have increased by 50% in the past year, suggesting that despite targeted interventions, the threat environment is intensifying faster than our defences are hardening.'

'The review underscores that the NCSC is doing what it can within its limited mandate: issuing technical guidance, doubling down on cyber essentials, investing in research to understand what interventions work, and exploring a second phase of the Active Cyber Defence (ACD) programme. Yet recent incidents, impacting organisations including the Co-Op, Jaguar Land Rover and Marks & Spencer, demonstrate that business as usual is not enough. The NCSC annual review is not a vehicle for announcing government policy — and it shouldn’t be – but today’s report highlights a wider uncertainty about whether the UK's current strategy is moving the dial fast enough to meet the growing scale and sophistication of cyber threats.'

Comment by Joseph Jarnecki, Research Fellow, Cyber and Tech