NCSC warns: China drives 50% UK cyber attack
Cyber report flags China’s role in UK attacks Pixabay

On 14 October 2025, the National Cyber Security Centre (NCSC) released its Annual Review, revealing a 50 per cent surge in highly significant UK cyber attacks—18 cases over the year to August. China was flagged as a 'highly sophisticated and capable' threat actor fuelling this escalation.

From covert espionage to disruptive sabotage, Beijing-backed hackers target critical infrastructure and businesses relentlessly in a grey zone of global tensions that endangers national security. As everyday firms reel from breaches like the Co-operative Group's £206 million hit, the NCSC urges immediate resilience-building before the next wave strikes.

The Surge: 50 Per Cent Rise in Major Cyber Attacks

The NCSC's 2025 Annual Review documents 18 highly significant cyber incidents from September 2024 to August 2025, a 50 per cent jump from the prior year. These events encompass disruptions to government, essential services and the wider economy.

With an average of four nationally significant attacks per week, the threat landscape is described as 'increasingly diffuse and dangerous'. State actors are exploiting AI to amplify reach and impact. Retail giants like Marks & Spencer suffered breaches in 2025, losing an estimated £300 million in revenue from network penetrations that emptied shelves and compromised customer data.

China emerges as a key driver, its operations contributing to this record tally alongside Russia, Iran and North Korea. Hostile states pursue goals short of outright conflict. The review highlights how such incursions, often undetected for months, erode trust and amplify economic fallout, compelling sectors from manufacturing to finance to fortify cyber defences amid geopolitical strains.

China's Shadow: Sophisticated State-Sponsored Campaigns

Beijing's cyber apparatus poses a 'highly sophisticated and capable' menace, according to the NCSC. State-linked groups have been probing UK institutions across telecoms, energy and beyond for intelligence gathering and sabotage.

In August 2025, the NCSC partnered with global allies to unmask three China-based firms behind a persistent campaign against critical networks. These operations targeted foreign governments and infrastructure, using custom tools for stealth and persistence. This builds on earlier revelations, like the 2024 condemnation of attacks on UK businesses and officials, where hackers harvested emails and documents for espionage.

In a CyberUK speech on 7 May 2025, NCSC CEO Richard Horne called China 'the pacing threat in the cyber realm', expressing 'profound and profuse concern' over its activities targeting departments and vital systems.

Such tactics, evolving with AI, reflect a hybrid warfare model. A spying trial against two Britons accused of working for Beijing collapsed in 2025, seemingly highlighting the regime's reach. Proceedings were halted due to evidence gaps.

For UK households and businesses, this translated to a need for vigilance against subtle infiltrations that could cascade into widespread blackouts or data heists.

NCSC's Call to Action: Building Resilience Now

In response to China's growing role, the NCSC is urging organisations to treat cyber threats as a 'wake-up call'. It recommends conducting drills to expose vulnerabilities and ensure continuity in payroll, machinery and supply chains.

Horne emphasised: 'The time to act is now. Could you run your payroll systems? Or keep your machinery working? Or stock your shelves? If the answer is no, or more likely "don't know" – act now.'

The Annual Review calls for collaboration beyond detection, urging businesses to share intelligence and adopt multi-layered defences against state-backed adversaries.

Co-operative Group CEO Shirine Khoury-Haq echoed this statement following the company's breach: 'Nothing truly prepares you for the moment a real cyber event unfolds... Those drills are invaluable – they build muscle memory, sharpen instincts.'

Writer's pick