Table of contents
Approximate read time: 5 minutes
1. What are cyber attacks?
Cyber attacks are attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices.[1] Attacks typically involve delivering, installing and running malicious software, known as malware.[2]
A common method of delivering malware is through using scam emails, messages or calls to trick people into sharing information required to access a system or to download malware themselves, a process known as “phishing”.[3] The compromised system is often used only as an entry point. For example, supply chain attacks occur where third-party service providers are targeted to spread malware to clients.[4]
There are various forms of malware.[5] For example, ransomware allows an attacker to steal data or prevent users from accessing a system until a ransom is paid, whereas spyware is designed to remain unnoticed on a device while monitoring activity and extracting data. Malware can also allow computers to be controlled remotely; these ‘infected’ computers are known as bots.
An independent study commissioned by the Department for Science, Innovation and Technology (DSIT) estimated that cyber attacks on businesses cost the UK £14.7bn in 2024, equivalent to 0.5% of the UK’s annual gross domestic product.[6]
2. Who are the attackers and the targets?
The principal malicious actors posing a threat to UK cyber security include cyber criminals, hacktivists and states, although the lines between these groups are becoming increasingly blurred.[7] Cyber criminals are primarily financially motivated, while hacktivists seek to effect social or political change.
States and state-sponsored groups may conduct cyber attacks for the purposes of espionage, financial gain, retribution or spreading disinformation. The National Cyber Security Centre (NCSC) listed China, Russia, Iran and North Korea as key states posing a threat to UK cyber security.[8] Former CEO of the NCSC, Professor Ciaran Martin, argued in March 2025 that “the transformation of China’s digital attack capabilities is the most important change in the cyber threat to the West in more than a decade”.[9]
Attackers target organisations and individuals across the private, public and third sectors. The cyber security breaches survey 2025 reported that approximately 43% of UK businesses and 30% of UK charities had identified a cyber breach or attack in the past year.[10] Recent high profile examples include ransomware attacks on Marks and Spencer in April 2025 and Jaguar Land Rover in August 2025.[11]
Attacks on the UK government include a 2024 supply chain ransomware attack on the Ministry of Defence, via a contractor providing payroll services, and an attack on the Foreign, Commonwealth and Development Office in October 2025.[12] It has been speculated that the latter was conducted by a Chinese-affiliated group.[13]
3. How is the cyber threat changing?
The number of cyber attacks managed by the NCSC classed as ‘nationally significant’ rose from 63 in 2022 to 204 in 2025.[14] Those classed as ‘highly significant’, defined as “having a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy”, rose in number each year from one in 2022 to 18 in 2025.
The NCSC’s 2025 review highlighted the following key drivers increasing the UK cyber threat: increased commercial availability of advanced cyber tools, use of AI to enhance cyber attacks and increasing dependencies on third-party suppliers of IT services increasing the risk of supply chain attacks.[15]
4. What is the government doing to strengthen cyber security?
DSIT published the ‘Government cyber action plan’ on 6 January 2026 “to strengthen cyber resilience across government”, replacing the previous Conservative government’s ‘Government cyber security strategy: 2022 to 2030’. The plan was published in response to DSIT’s ‘State of digital government review’ and the National Audit Office’s ‘Government cyber resilience’ report, which concluded that the government’s cyber security was not keeping pace with escalating threats.
DSIT states that the plan will be driven by the newly formed Government Cyber Unit, backed by £210mn of central investment.[16] The plan sets out responsibilities and accountability mechanisms, and sets mandatory requirements. It also includes the establishment of the Government Cyber Coordination Centre (GC3) to coordinate responses to cross-government incidents and the new software security ambassador scheme to drive adoption of the software security code of practice.[17] This voluntary code of practice sets out cyber security measures that organisations developing or selling software should have in place, such as having a clear process for testing software before distribution and providing timely security updates for customers.
The Cyber Security and Resilience (Network and Information Systems) Bill (currently in the House of Commons) intends to reduce the risk of supply chain attacks by placing duties on organisations that provide services to government. The bill would amend the Network and Information Systems Regulations 2018 to bring more organisations in scope, provide additional powers to regulators and allow the secretary of state to amend the regulations to respond to evolving threats.[18] During its second reading in the House of Commons the bill was criticised by the opposition for not placing statutory duties on the public sector.[19] The government argued that there was no need for this, as the cyber action plan will hold government departments to the same standards as those set out in the bill.[20] As of 2 March 2026, the bill is in the House of Commons report stage and a carry-over motion has been passed.[21] The bill is expected to arrive in the House of Lords in the next parliamentary session.
5. Read more
- House of Commons Library, ‘Cybersecurity in the UK’, 23 December 2025
- House of Commons Library, ‘Cyber Security and Resilience (Network and Information Systems) Bill 2024–26’, 17 December 2025
- Parliamentary Office of Science and Technology, ‘Cyber resilience of UK digital infrastructure’, 10 September 2025
Image by Sasun Bughdaryan on Unsplash.
References
- National Cyber Security Centre, ‘Advice and guidance: Cyber attack’, 3 March 2026. Return to text
- Microsoft Security, ‘What is malware?’, accessed 6 January 2026. Return to text
- Information Commissioner’s Office, ‘Phishing’, accessed 7 January 2026. Return to text
- Information Commissioner’s Office, ‘Supply chain attacks’, accessed 7 January 2026. Return to text
- Microsoft Security, ‘What is malware?’, accessed 6 January 2026. Return to text
- KPMG, ‘Economic modelling of sector specific costings of cyber attacks’, 12 November 2025. Return to text
- National Cyber Security Centre, ‘It’s time to act: Annual review 2025’, 14 October 2025; and European Union Agency for Cybersecurity, ‘ENISA threat landscape 2025’, 1 October 2025, pp 13–14. Return to text
- National Cyber Security Centre, ‘It’s time to act: Annual review 2025’, 14 October 2025. Return to text
- Professor Ciaran Martin, ‘Typhoons in cyberspace’, Royal United Services Institute, 20 March 2025. Return to text
- Department for Science, Innovation and Technology and Home Office, ‘Cyber security breaches survey 2025’, 19 June 2025. Return to text
- BBC News, ‘What can I buy online at M&S since the hack?’, 1 May 2025; and ‘JLR hack is costliest cyber attack in UK history, say analysts’, 22 October 2025. Return to text
- HL Hansard, 8 May 2024, col 148; and BBC News, ‘Inquiry ongoing after UK government hacked, says minister’, 19 December 2025. Return to text
- Jim Pickard and Robert Wright, ‘China blamed for UK government cyber attack’, Financial Times (£), 19 December 2025. Return to text
- National Cyber Security Centre, ‘It’s time to act: Annual review 2025’, 14 October 2025, p 26. Return to text
- As above, pp 22 and 42. Return to text
- Department for Science, Innovation and Technology, ‘New cyber action plan to tackle threats and strengthen public services’, 6 January 2026. Return to text
- Government Security, ‘Government Cyber Coordination Centre (GC3)’, accessed 10 February 2026; Department for Science, Innovation and Technology, ‘Software security ambassadors scheme’, 15 January 2026; and Department for Science, Innovation and Technology, ‘Software security code of practice’, 7 May 2025. Return to text
- Explanatory notes to the Cyber Security and Resilience (Network and Information Systems) Bill 2024–26, p 5. Return to text
- HC Hansard, 6 January 2026, cols 184 and 191. Return to text
- HC Hansard, 6 January 2026, col 175. Return to text
- HC Hansard, 6 January 2026, col 230. Return to text