NCSC Warns Data Centres Face Rising Cybersecurity Threats

The UK is facing a sharp increase in cyber attacks, with the National Cyber Security Centre (NCSC) warning that cybersecurity has become a matter of national resilience. Its Annual Review 2025 reveals that the organisation handled 204 nationally significant cyber incidents over the past year, more than double the 89 managed the previous year.

In total, the NCSC responded to 429 incidents, including 18 categorised as “highly significant” due to their potential to disrupt essential national services such as energy networks, healthcare systems and government operations. The findings reinforce the urgency for organisations to design digital infrastructure – particularly data centres and cloud environments – with resilience built in from the start.

Cybersecurity as a national priority

The report identifies a 50% year-on-year rise in major incidents, marking the third consecutive year of increased cyber activity. Dr Richard Horne, Chief Executive of the NCSC, describes cybersecurity as “a matter of business survival and national resilience,” warning that every organisation must elevate cyber readiness to a board-level priority.

“With nearly half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace,” he says. “The best way to defend against these attacks is for organisations to make themselves as hard a target as possible. That demands urgency from every business leader: hesitation is a vulnerability and the future of their business depends on the action they take today. The time to act is now.”

Ransomware remains the most common form of attack, with criminals increasingly targeting cloud systems, supply chains and connected infrastructure. State-backed groups from China, Russia, Iran and North Korea also pose persistent threats, driving the government’s call for stronger cybersecurity collaboration across the public and private sectors.

IoT and connectivity increase the attack surface

Toby Gasston, Principal Product Manager at Wireless Logic, highlights that as connectivity and IoT devices expand, the UK’s attack surface continues to grow.

“The UK being under near-constant cyber-attack comes as no surprise,” Toby says. “As industries digitise, their most critical functions increasingly depend on connected devices and IoT infrastructure. This growing reliance expands the threat surface and demands a new level of vigilance, along with recognition that it brings vulnerabilities which can no longer be ignored.”

He notes that sectors such as energy, healthcare and manufacturing are particularly exposed due to the integration of operational technology with IT systems. “With thousands or even millions of endpoints across supply chains, the challenge isn’t securing a single device but the entire network that connects them,” Toby adds. “The way we think about IoT security must evolve from piecemeal protection to built-in resilience.”

Ransomware’s evolution and the AI challenge

Pierre Noel, Field CISO EMEA at Expel, says ransomware has evolved into an organised criminal enterprise. “Ransomware has rapidly evolved from opportunistic encryption attacks into highly professionalised ecosystems. Currently, ransomware groups operate like SaaS businesses, complete with subscription tiers, dashboards and user support. They exploit vulnerabilities, compromised credentials or misconfigured appliances.”

Pierre explains: “Identity-based attack attempts dominate, accounting for 67.6% of the incidents our SOC handled in Q2 2025 for our customers. Alarmingly, 13.8% of observed threats were non targeted malware, underscoring that even indiscriminate campaigns can cause devastating damage when organisations lack basic cyber hygiene.”

He adds that the UK’s consultation on banning ransom payments could reshape the ransomware landscape, forcing attackers to rely on data theft and public exposure instead of encryption. “In this context, prevention is paramount,” he says. “For now, multilayered defence – immutable back-ups, strong visibility, rapid remediation, robust threat intelligence, continuous monitoring and regular testing – is the best path forward.”

Embedding resilience in digital infrastructure

Dolores Saiz, CEO of cloud consultancy The Server Labs, says the findings underline the need for organisations to integrate security into every aspect of their infrastructure.

“The 50% rise in cyber-attacks highlighted in the National Cyber Security Centre’s report is a stark reminder that no organisation is immune,” she says. “Security can’t be an afterthought or a reaction to a breach, it has to be engineered into the very fabric of every system, every process and every partnership.”

This aligns with global data showing rising cyber risk. The World Economic Forum’s Global Cybersecurity Outlook 2025 reports that 72% of organisations worldwide have experienced an increase in cyber threats, with ransomware incidents surging by 46%, driven by generative AI-enabled tools capable of automating phishing, credential theft and data exfiltration.

A spokesperson from Check Point Software adds that “the complexity and velocity of today’s cyber threats demand a multi-layered, prevention-first approach. Traditional detection alone is no longer sufficient – organisations need real-time, proactive security capable of stopping attacks before damage occurs.”

As cyber threats evolve, experts agree that resilience – not just detection – must define the next generation of data centre and cloud security strategy.