Skip to navigation Skip to main content Skip to footer
News

NCC Group backs NCSC’s call for urgent action on cyber resilience

14 October 2025

NCC Group welcomes the publication of the National Cyber Security Centre’s (NCSC) 2025 Annual Review, which lays bare the scale and urgency of the cyber threat facing the UK. 

The report reveals that the NCSC handled 204 ‘nationally significant’ cyber attacks in the past year - more than double the previous year’s figure, with an average of four such incidents occurring every week. Of these, 18 were deemed ‘highly significant’, marking a 50% year-on-year increase and underscoring the growing risk to essential services.  

In response, Mike Maddison, CEO of NCC Group, commented: 

“We strongly endorse the NCSC’s call for business leaders to take responsibility for their organisation’s cyber resilience. As the report rightly states, cyber security is now a matter of economic security, and done well, it’s a catalyst for innovation and growth. 

The decisions made in boardrooms today will shape the resilience of our economy tomorrow. In future, being regretful that your organisation didn’t invest enough in cyber resilience won’t cut it. Those decisions may need to be justified not just to shareholders and customers, but to regulators, the media, and even the courts.” 

We are particularly pleased to see the launch of the Cyber Action Toolkit for small businesses, a vital step in closing the resilience gap for SMEs, which make up 99% of UK businesses. NCC Group has long advocated for a Digital Safety Net for smaller organisations, recognising that many lack the resources to implement proportionate protections. The Toolkit’s personalised, step-by-step guidance is a welcome addition to the national cyber resilience landscape.  

The report also highlights the importance of public-private collaboration. We’re proud to have supported many of the initiatives featured, including: 

  • Industry100, the world-leading secondment programme 

  • Principles-Based Assurance, NCSC’s new approach to technology assurance 

  • The Pall Mall Process, tackling the proliferation of commercial cyber intrusion capabilities 

  • CYBERUK, NCSC’s flagship annual event 

  • The North West roundtable co-hosted with NCSC in Manchester 

  • Cyber First 

The review also calls for engineering resilience against critical loss - a principle NCC Group has long championed. Prevention and detection alone are not enough; systems must be designed to recover and operate following disruption.  

Finally, the report’s emphasis on supply chain risk is a timely reminder. Despite a rise in supplier-based breaches, only 14% of UK businesses reviewed the cyber risk of their immediate suppliers in the past year. Our own research shows that: 

  • 92% of organisations trust their suppliers follow best practices – yet a third don’t conduct regular risk assessments 

  • 21% believe they wouldn’t be affected if a key supplier was offline for five days 

  • Only 41% are confident in how they monitor supplier cyber security 

These figures highlight a dangerous disconnect between perception and reality. We urge all organisations to take a proactive approach to supply chain risk – starting with visibility, assessment and assurance. 

The time to act is now. NCC Group remains committed to working with government, industry and academia to build a safer, more resilient digital future.