Business: Cybercrime
(asked on 27th June 2025) - View Source
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign, Commonwealth and Development Affairs, what information the National Cyber Security Centre holds on the number of cyber attacks that were carried out against UK-based businesses between 2022 and 2024.
The cyber threat picture in the UK is diverse. Cyber security incidents can be reported into several different agencies within the UK depending on the type and severity of the incident. The UK's National Cyber Security Centre (NCSC) provides practical, expert guidance tailored to help businesses of all sizes build resilience against evolving cyber threats. NCSC also addresses a wide range of national cyber threats, from protecting citizens against online harm to responding to major cyber incidents. I recently met with NCSC colleagues to discuss the trends in threats and attacks and how we ensure high levels of resilience.
Since September 2024, NCSC have managed more than 200 incidents, with a significant proportion impacting businesses across the UK. This includes twice as many nationally significant incidents as the same period a year ago. As published in the NCSC Annual Review (https://www.ncsc.gov.uk/files/NCSC_Annual_Review_2024.pdf) the breakdown of incidents managed by the NCSC Incident Management team is as follows:
Date | Number of Incidents |
Sept 21 - Aug 22 | 355 |
Sept 22 - Aug 23 | 371 |
Sept 23 - Aug 24 | 430 |
Other credible reports on cyber incidents include the Department for Science, Innovation and Technology's Cyber Security Breaches survey from each of the last three years: 2022 (https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022), 2023 (https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023) and 2024 (https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024). The Information Commissioner's Office also has an Incident Trend Report (https://ico.org.uk/action-weve-taken/complaints-and-concerns-data-sets/data-security-incident-trends/) on cyber incidents reported to them.