The National Cyber Security Centre’s (NCSC) Annual Review 2024, published on 3 December, provides a comprehensive examination of the evolving cyber threat landscape in the UK. It highlights the increasingly sophisticated attacks targeting businesses, government bodies, and individuals, and emphasises the urgent need for bolstered defences, greater resilience, and closer collaboration.
According to the report, the NCSC’s Incident Management (IM) team intervened in 430 of the 1,957 cyber-incident reports it received over the past year, surpassing the 371 interventions recorded in 2023. Notably, 89 of these incidents were nationally significant, including 12 critical cases – a threefold rise compared to the previous year.
In addition, the IM team issued 542 bespoke notifications to UK organisations experiencing cyber incidents in 2024, more than double last year’s total of 258. These findings underscore the stark increase in both the volume and severity of attacks.
To help break it down for you, here are the five key takeaways that capture the most important insights from this year’s review.
Cyber threats in 2024 are characterised by their growing complexity and sophistication, with an increasing number of threat actors employing advanced tactics to disrupt critical services, steal sensitive data, and cause harm to organisations across all sectors. The NCSC identifies a range of threat vectors, including ransomware, cyber espionage, and AI-driven attacks, each presenting unique challenges for defenders.
One of the most alarming trends is the increase in state-sponsored cyber activity, particularly from countries like Russia, China, Iran, and North Korea. These actors are targeting a broad range of sectors, from government institutions to private industry, and their attacks are becoming more disruptive and strategic. In addition to traditional cyber espionage and intellectual property theft, these actors are increasingly targeting critical national infrastructure (CNI), such as energy, healthcare, and telecommunications systems, with the aim of creating long-term disruption.
The report also highlights the growing interconnectedness of the digital world, which has increased the vulnerability of systems and services. As organisations become more reliant on interconnected networks, a single cyber attack can ripple through multiple industries, magnifying its impact. The complexity of the threat landscape, combined with the ever-expanding attack surface, makes it more difficult for organisations to stay ahead of the rapidly evolving tactics employed by cyber criminals and hostile states.
Ransomware continues to be one of the most pervasive and disruptive threats to the UK, with the review noting a steady increase in the volume and severity of attacks. Ransomware attacks, which typically involve encrypting an organisation’s data and demanding a ransom for its release, are particularly damaging to critical sectors like healthcare, education, and government.
The NCSC highlights that ransomware is not only targeting large, high-profile organisations but also increasingly impacting small and medium-sized businesses (SMEs), which may lack the resources to defend themselves effectively. The cost of these attacks is not just financial; the impact on business operations, reputations, and customer trust can be profound.
One of the significant developments in the ransomware landscape is the rise of ransomware-as-a-service (RaaS), which has lowered the barrier to entry for cyber criminals. With minimal technical expertise required, anyone with malicious intent can now launch ransomware attacks using off-the-shelf tools, making these types of incidents even more widespread and difficult to combat.
To help mitigate this threat, the NCSC stresses the importance of basic cyber hygiene practices such as applying security patches, implementing multi-factor authentication (MFA), and using backups to ensure data can be restored without paying the ransom.
As artificial intelligence (AI) continues to evolve, it presents both opportunities and risks. On the one hand, AI can be used to enhance cyber defences, automating threat detection, improving incident response times, and enhancing the accuracy of cyber risk assessments. However, the review warns that AI is also being exploited by malicious actors to amplify the scale and impact of cyber attacks.
Cyber criminals are increasingly using AI to automate tasks like reconnaissance, social engineering, and data analysis, which can make attacks faster, more efficient, and harder to detect. For example, AI tools can analyse large volumes of data to identify vulnerabilities in systems, enabling attackers to exploit weaknesses before organisations have a chance to patch them.
Generative AI technologies also play a major role: they can produce fake content, such as convincing emails, images, or videos, to deceive victims. These deepfake attacks are making it harder for individuals and businesses to distinguish between legitimate communications and malicious ones. Social engineering tactics, such as phishing and spear-phishing, are becoming more realistic and harder to detect as AI improves the quality of fake communications.
The NCSC notes that the growing use of AI by threat actors is a significant challenge for defenders, who must develop new strategies and technologies to combat this emerging threat.
The NCSC stresses that while many UK businesses have made progress in improving their cyber defences, too many are still vulnerable to common cyber threats. Basic security measures, such as regular software updates, secure passwords, and employee training, are often overlooked or inadequately implemented.
The review highlights that many organisations underestimate the severity of the risks they face and are not fully prepared for the consequences of a cyber attack. As the review points out, cyber resilience is not just about preventing breaches but also about ensuring that an organisation can recover quickly if one occurs.
The NCSC calls on businesses, particularly small and medium-sized enterprises (SMEs), to adopt more robust cyber security practices and to implement frameworks such as Cyber Essentials and the Cyber Assessment Framework (CAF). The review also underscores the importance of developing a skilled cyber workforce, as cybersecurity expertise remains in short supply.
One of the more alarming trends highlighted in the NCSC’s 2024 review is the growing proliferation of commercial cyber tools. These tools, which were once available only to nation-states, are now widely accessible to cyber criminals and other malicious actors. As the commercial cyber intrusion sector expands, low-skill actors can access sophisticated cyber capabilities, including exploitation tools, malware kits, and cyber weaponry.
The review warns that this lowering of the barrier to entry for cyber attacks will likely lead to an increase in the number and variety of cyber incidents in the coming years. These tools are often sold on the black market, making them available to a wider range of threat actors. The rise of these tools, combined with the increasing use of AI, will likely contribute to a widening of the attack surface, making it harder for defenders to stay ahead.
The review emphasises that organisations must take proactive steps to protect themselves by investing in strong cyber defences and staying vigilant against the growing number of cyber threats.
Adarma provides customised cybersecurity solutions to assist businesses in achieving future-ready cyber resilience. We protect organisations in the FTSE 350, including those in CNI and other regulated sectors. We offer effective threat detection and incident response, acting as an extension of your team to enhance your security posture and optimise your security investments for maximum risk reduction.
Our approach enables organisations to decrease cyber risks by implementing effective threat intelligence, exposure management, and detection and response capabilities. We offer tailored threat intelligence, technological solutions, and strategic consultations catering to our customers’ specific security requirements and business goals. Our expertise guarantees a balanced approach between security and operational efficiency, safeguarding our customers’ most crucial infrastructure and data.
If you would like to learn more about how Adarma can support your organisation’s cyber resilience, please get in touch with us at hello@adarma.com.