The UK National Cyber Security Centre (NCSC) has reported an increase in the number and severity of cyber-attacks affecting UK organisations and individuals. The newly released NCSC Annual Review 2024 outlines the agency’s responses to incidents over the past year and examines the evolving challenges presented by cyber threats.
The NCSC’s Incident Management (IM) team responded to 430 incidents in 2024, compared to 371 in 2023. Among these, 89 were categorised as nationally significant, including 12 critical incidents, which is a threefold increase from the previous year.
The IM team handled a wide range of incidents, including 347 cases involving data exfiltration and 20 linked to ransomware. Manufacturing, IT, legal, and charitable sectors were among the most frequently targeted industries. By issuing notifications related to pre-ransomware activity, the team enabled organisations to act before ransomware attacks escalated.
The team also issued 542 bespoke notifications to organisations affected by cyber incidents, more than double the 258 notifications sent in 2023. Nearly half of these notifications are related to pre-ransomware activity, allowing organisations to detect and address threats before ransomware could be deployed.
“What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face and the defences that are in place to protect us,” said NCSC’s CEO Richard Horne.
He stressed the importance of accelerating efforts to address these challenges, stating, “And what is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.”
Horne also called for organisations to reconsider their approach to cybersecurity, adding, “We need all organisations, public and private, to see cybersecurity as both an essential foundation for their operations and a driver for growth. To view cybersecurity not just as a ‘necessary evil’ or compliance function, but as a business investment, a catalyst for innovation and an integral part of achieving their purpose.”
The Annual Review described how state-sponsored actors are contributing to an increasingly complex cyber threat landscape. Russian activities, including destructive malware attacks on Ukraine and attempts to disrupt NATO systems, were a significant focus of the report.
China was also identified as a prominent actor, targeting various industries and government entities. Earlier this year, the NCSC co-signed an advisory highlighting Chinese cyber activities that compromised US critical national infrastructure and attributed attacks on democratic institutions to Chinese state-affiliated groups.
Other state-linked activities included Iranian groups conducting aggressive cyber operations and North Korean actors prioritising revenue generation and intelligence-gathering activities.
Cybercrime and AI-driven threats
According to the NCSC Annual Review 2024, ransomware remained the most pervasive cyber threat, impacting sectors such as healthcare, education, manufacturing, and legal services. A significant example was an attack on Synnovis, a supplier to the NHS, which disrupted essential services and highlighted the broader operational risks posed by such breaches.
The report also examined the use of artificial intelligence (AI) by cybercriminals, particularly for reconnaissance, social engineering, and analysing exfiltrated data. The NCSC noted that AI has the potential to enhance both offensive and defensive cyber capabilities, with its application in defence expected to outpace adversarial uses.
Earlier this year, the NCSC cautioned that nation-states are likely already developing AI-powered malware, with organised cybercriminal gangs expected to adopt the technology soon. In a report on the transformative impact of AI on cybersecurity, the agency highlighted that the technology could significantly enhance the scale and efficiency of ransomware attacks. The NCSC warned that as AI lowers the barriers to entry for cybercrime, it could enable hacktivists and other less sophisticated threat actors to launch more advanced and widespread attacks.
Read more: Beware the threat of AI malware, says NCSC in new report
