Earlier this year, the UK’s National Cyber Security Centre (NCSC) released its annual review for 2025. The report reveals the troubling reality of the modern threat landscape and, crucially, how the NCSC recommends organizations and the wider security ecosystem shield themselves from it. Let’s dive in.
Incident Frequency Has Stagnated, Incident Severity Has Skyrocketed
The number of incidents for which the NCSC provided support has remained largely unchanged. The severity of those incidents, however, has skyrocketed.
The NCSC sorts all incidents into one of three categories:
Category 1: National cyber emergency - A cyberattack which causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.
Category 2: Highly significant incident - A cyberattack which has a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy.
Category 3: Significant incident - A cyberattack which has a serious impact on a large organisation or on wider/local government, or which poses a considerable risk to central government or UK essential services.
From September 1, 2024 to August 31, 2025, 204 of the 429 incidents the NCSC handled were nationally significant. Last year, just 89 out of 430 fell into the same category. What’s more, the NCSC categorized 4% (18) of all incidents as highly significant – a 50% increase from last year, and the third increase in as many years.
Engineering Resilience is the Path Forward
In light of these troubling findings, the NCSC has taken a renewed focus on national resilience. The ultimate goal is to ensure that the UK can withstand and recover from cyber threats across society – especially as attacks have increasingly wide-reaching impacts across the economy.
The NCSC’s approach for building this resilience is multi-pronged, focusing on engineering systems for survival, protecting critical services, and empowering the wider ecosystem.
Engineering Resilience
While established cybersecurity measures – like risk management, protective monitoring, and business continuity – remain essential, the NCSC urges organizations to consider how to engineer systems for resilience.
Resilience engineering is an architectural and operational approach to cybersecurity that helps organizations design systems that can operate and recover following a severe cyber incident.
In simple terms, it involves:
Designing an instant reset button:
Using Infrastructure as Code (IaC) to automatically and instantly rebuild systems from a clean, trusted blueprint, which removes any hidden access an attacker may have installed.
Maintaining backups that attackers cannot change or destroy, and regularly rehearsing a full recovery of entire systems, including after catastrophic disasters.
Keeping threats locked up:
Breaking networks into many small, separate compartments through segmentation and zero trust practices.
Using dedicated, isolated workstations for administrators so that attackers cannot steal the credentials that unlock your entire network.
Limiting the damage:
Applying least privilege principles, giving every person and service only the absolute minimum access they need to do their job.
Accepting small, contained failures so that attackers cannot roam freely across your entire network.
Practicing for disaster:
Practicing chaos engineering to deliberately trigger system failures and confirm that your detection and recovery tooling actually works in real time.
Setting up monitoring and logging across all systems.
Creating an unbreakable safety net:
Running the most critical business services on two identical but distinct systems, so that if the primary system fails, the second takes over.
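To make the "instant reset button", "backups attackers cannot change or destroy" and least-privilege points concrete, here is an added Terraform example. It is not taken from the NCSC review or from this post, and the bucket name, region, retention period and policy names are assumptions chosen for illustration. It declares a versioned, Object-Locked backup bucket as the trusted blueprint, and pairs the weak blanket policy a backup agent is often given with a write-only replacement plus an explicit deny guarding the lock itself.

```hcl
# Added example (not from the NCSC review or this blog): a Terraform blueprint for
# an immutable backup store and a least-privilege backup agent. Names, region and
# the retention window are assumptions.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "eu-west-2" # assumed region
}

# Backup bucket with S3 Object Lock. Object Lock requires versioning, so both
# are declared in the same blueprint and rebuilt together on every apply.
resource "aws_s3_bucket" "backups" {
  bucket              = "example-org-immutable-backups" # assumed name
  object_lock_enabled = true
}

resource "aws_s3_bucket_versioning" "backups" {
  bucket = aws_s3_bucket.backups.id
  versioning_configuration {
    status = "Enabled"
  }
}

# COMPLIANCE mode: no principal, including the account root user, can delete or
# overwrite a locked object version until the retention period expires.
resource "aws_s3_bucket_object_lock_configuration" "backups" {
  bucket     = aws_s3_bucket.backups.id
  depends_on = [aws_s3_bucket_versioning.backups]
  rule {
    default_retention {
      mode = "COMPLIANCE"
      days = 30 # assumed retention window
    }
  }
}

# Weak setting, shown for contrast only: blanket S3 rights for the backup agent,
# so a compromised agent could wipe every bucket in the account.
# {
#   "Effect": "Allow",
#   "Action": "s3:*",
#   "Resource": "*"
# }

# Corrected, least-privilege policy: the agent may only write new objects into
# this one bucket. No Delete*, no Get*, and no right to touch the lock, so stolen
# agent credentials cannot destroy history.
resource "aws_iam_policy" "backup_writer" {
  name = "backup-writer-write-only" # assumed name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:PutObject"]
        Resource = "${aws_s3_bucket.backups.arn}/*"
      },
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = aws_s3_bucket.backups.arn
      }
    ]
  })
}

# Explicit deny beats any Allow attached to the same principal: nobody holding
# the backup role can shorten retention, disable versioning or remove the bucket.
resource "aws_iam_policy" "backup_lock_guard" {
  name = "backup-lock-guard" # assumed name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Deny"
      Action = [
        "s3:PutBucketObjectLockConfiguration",
        "s3:PutBucketVersioning",
        "s3:DeleteBucket",
        "s3:BypassGovernanceRetention"
      ]
      Resource = [aws_s3_bucket.backups.arn, "${aws_s3_bucket.backups.arn}/*"]
    }]
  })
}
```

Attach both policies to the role the backup agent assumes. Because the whole store is described in code, a recovery drill is simply a fresh `terraform apply` into a clean account followed by a restore from the locked versions, which exercises the reset button and the backups in one rehearsal.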
Engineering resilience, alongside operational crisis response capabilities, should help organizations ultimately achieve ‘Antifragility’. This means moving beyond simply withstanding shocks, to growing stronger because of them. Each incident becomes an opportunity to refine protections, detection capabilities, and response strategies, ensuring that systems not only survive but evolve.
How the NCSC Supports Organizations Building Resilience
The NCSC doesn’t just offer advice; it offers genuine support for organizations looking to build resilience. That support includes:
Automated Protection at Scale: Active Cyber Defense
The NCSC’s Active Cyber Defense (ACD) initiative harnesses automation and data to prevent attacks at scale. It effectively operates behind the scenes to block cyberattacks before they reach their targets, raising baseline protection for all registered organizations.
Empowering Organizations and Boards
In partnership with DSIT, the NCSC has developed Cyber Governance Training to empower boards to confidently implement the Cyber Governance Code of Practice and gain meaningful oversight of cyber risks.
Driving Supply Chain Security
In accordance with its guidance for building supply chain resilience against ransomware, the NCSC calls on large organizations to address supply chain risk. It argues that the best way to do this is to encourage supply chain organizations to adopt the Cyber Essentials scheme.
The Path Forward
The path to achieving true resilience isn’t an easy one. It demands accepting that breaches are inevitable, and redesigning systems and architecture so they can fail safely. The goal is to achieve Antifragility through resilience engineering, ensuring organizations become better equipped to combat and recover from attacks with every incident they experience.
Cybersecurity for Your Industry
Your industry is unique. Your cybersecurity stack should be, too. Fortra® offers cybersecurity solutions to meet the challenges and compliance requirements of industries around the world.