“Offensive Security’s Importance Heightens as UK Confronts Severe Cyber Attacks”

Monday 8 December, 2025

50% Surge in Major Cyberattacks Across the UK in 2025

Significant Spend on Defensive Cyber Tooling Continues, as Does the Number of Headline Breaches.

Organisations Urged to Treat Cybersecurity as a Board-Level Priority

London, 8 December 2025 – The UK has seen a sharp increase in the scale, frequency, and sophistication of cyberattacks throughout 2025, resulting in widespread operational disruption and significant economic damage. Recent data and high-impact incidents have highlighted the urgent need for organisations to re-evaluate their security strategy and adopt an offensive mindset.

Major UK Attacks Rise by More Than 50%

The National Cyber Security Centre’s (NCSC) Annual Review 2025, covering the period from September 2024 to August 2025, has revealed the severity of the situation. During this time, the NCSC handled 204 nationally significant cyber incidents, a 50% increase from the previous year. The review also reported four high-impact attacks every week, each capable of disrupting essential services across the country and causing widespread operational and economic disruption. In the worst-case scenarios, these attacks could compromise not only business operations but also critical national infrastructure. The government is now urging organisations to take stronger action to protect the UK economy and make cyber resilience a board-level responsibility.

The economic impact of these attacks is equally concerning. The recent cyberattack against Jaguar Land Rover, believed to be the largest cyber incident in UK history, has been estimated to cost the UK economy £1.9 billion. The attack forced Jaguar Land Rover to shut down systems across its factories and offices, with cascading effects on as many as 5,000 organisations in its supply chain.

Richard Horne, Chief Executive of the NCSC, issued a clear warning: “Cybersecurity is now a matter of business survival and national resilience. The best way to defend against these attacks is for organisations to make themselves as hard a target as possible.”

Offensive Security: Thinking Faster than the Attacker

Keith Poyser, Vice President for EMEA at Horizon3.ai, explains that organisations can only become “harder targets” by adopting an offensive, attacker-like mindset: “Organisations must think faster than potential attackers. All attack surface, ongoing penetration testing is the only reliable way to determine whether hackers can break in and whether an organisation’s security controls are genuinely effective. Validate your defences in the context of your environment, don’t guess, or rely on noisy, low-relevance vulnerability lists alone.”

Although penetration testing has been around for decades, it has traditionally been conducted annually or quarterly and solely by humans, which is no longer sufficient in today’s rapidly evolving threat landscape. We have already seen AI tools being misused to rewrite attacks on the fly and adapt to defences or detection technologies.

Continuous, Autonomous Pentesting: A Crucial Solution

Platforms such as Horizon3.ai’s NodeZero® Offensive Security Platform enable organisations to validate their security posture as frequently as needed, even daily, without the cost, delays, or limitations of manual-only tests. With these platforms, businesses can emulate attacker techniques in live environments and seamlessly integrate them with agile and DevOps workflows, aligning security testing with how software is built and deployed today.

Too Many Organisations Rely on Defence

Horizon3.ai’s Cybersecurity Report UK 2024/25, which collected responses from managers with IT-level responsibility in 150 UK organisations, confirms that many organisations are not taking the right approach to face today’s rapidly evolving threat landscape. When asked whether they take a purely defensive stance against cyber threats or conduct offensive exercises to identify risks and vulnerabilities, 34% reported using only defensive measures, 21% focus on defence but occasionally conduct offensive exercises, and only 12% conduct offensive exercises internally. A further 15% were unsure how to approach this, while 18% said they outsource offensive exercises entirely.

In response to a question about which technology, solution, or practice would significantly improve their security, 12% said they would want more budget funds, while 37% said they want to know exactly where they are vulnerable so they can proactively address weaknesses—a clear indication of the need for autonomous penetration testing. 26% stated that they would need to convince the leadership that cybersecurity must be a top priority.

Cybersecurity Must Become a Board-Level Responsibility

Government bodies, industry regulators, and customers are increasingly urging CEOs, boards, and senior leaders to take explicit, personal ownership of cyber risk. This shift reflects a broader recognition that cybersecurity is now a core component of organisational stability, operational continuity, and economic resilience.

Penetration testing plays a pivotal role in meeting these heightened expectations and has become a cornerstone of both operational and economic resilience. By continuously validating defences, organisations can reduce their Mean Time to Remediate (MTTR), lower the cost of fixing weaknesses, and significantly strengthen their

Derick is an experienced reporter having held multiple senior roles for large publishers across Europe. Specialist subjects include small business and financial emerging markets.
