China poses a «highly sophisticated and capable» cyber threat, the UK’s cyber agency has warned – as it revealed a 50% jump in significant attacks in Britain by criminals and hostile states. The National Cyber Security Centre (NCSC)’s verdict on the threat posed by Chinese cyber spies comes as Sir Keir Starmer is under mounting pressure over the sudden collapse of a trial against two British men accused of espionage on behalf of Beijing. The Crown Prosecution Service said the case was derailed because the government would not deliver evidence to show China had been a threat to Britain’s national security at the time of the alleged offences between 2021 and 2023. The prime minister said Beijing had not been classed as an «enemy» back then.
Yet a 2023 review by the NCSC – which is part of Government Communications Headquarters – refers to the «advanced threats» posed by China to the UK’s critical national infrastructure. A similar alarm was raised in the annual review in 2022: «The regimes that continued to present the most acute cyber threat to the UK and its interests were Russia, China, Iran, and North Korea.» In its latest report, published on Tuesday, the cybersecurity agency stated: «China continues to be a highly sophisticated and capable threat actor, targeting a wide range of sectors and institutions across the globe, including the UK. This review covers the year to August 2025.
With hacks and ransomware increasingly crippling some of the UK’s biggest brands, the NCSC said the number of «highly significant» cyberattacks – classed as those impacting the government, essential services, large chunks of the population or the economy – surged 50% to 18 cases over the past year compared with the previous 12 months.
The government did not provide a breakdown of whether those suspected of being responsible for the attacks were lone wolves, criminals or hostile states. «Cyber is being used by state and non-state actors to achieve their goals, and the overall cyber threat to the UK is growing from an already high level,» it said. Among the most high-profile victims of cyber foul-play have been the car manufacturer Jaguar Land Rover (JLR) and retailers M&S, Co-op, and Harrods. Investigators are reported to be looking at whether a Russian state-backed actor targeted JLR. That hack forced the company temporarily to close its factories and had a major impact on its supply chain, prompting the government to agree a £1.5bn loan. Separately, four people were arrested in July over the cyberattacks against the three retailers.
Attacks should be a ‘wake-up call’. Richard Horne, head of the NCSC, said such attacks should be a «wake-up call» and urged the bosses of every company – big and small – to build their resilience against cyber threats. «The time to act is now,» he will say, according to an advanced copy of a speech he is set to deliver this morning. He will say it is vital for businesses to know what they would do if their computer screens went blank. «Could you run your payroll systems? Or keep your machinery working? Or stock your shelves?» he will say. «If the answer is no, or more likely ‘don’t know’ – act now.»
Offering a sense of the real-world impact of a cyber assault, Shirine Khoury-Haq, the boss of the Co-operative Group, shared how it felt to be targeted. «The attack has had a significant impact on me, my colleagues, and on our members,» she wrote in a foreword to the review. «While you can plan meticulously, invest in the right tools, and run countless exercises, nothing truly prepares you for the moment a real cyber event unfolds. The intensity, urgency, and unpredictability of a live attack is unlike anything you can rehearse. That said, those drills are invaluable – they build muscle memory, sharpen instincts, and expose vulnerabilities in your systems. The cyberattack cost Co-op at least £206m in lost revenues after hackers penetrated its networks, prompting shortages of goods on shelves and the loss of customer data. As well as calling out China, the NCSC also focused on the threat posed by Russia, Iran, and North Korea. It further flagged concerns about how cyber attackers are using artificial intelligence to enhance their capabilities.
SOURCE