Rising Incident Impact and Shifting Attack Patterns

Robert Kehoe
Chief Technology Officer
Published: January 16, 2026

This weekly review highlights key cybersecurity developments from national agencies and global organisations, focusing on incident impact, attacker behaviour, and systemic risk.

This week’s developments reinforce a trend that has been building for some time: cybersecurity incidents are becoming fewer in number but greater in impact. National agencies and global organisations are increasingly framing cyber risk not as a technical issue, but as a direct threat to business continuity and organisational resilience.

Two major reports released this week, alongside a critical vulnerability disclosure, provide a clear snapshot of how the threat landscape is evolving.

UK NCSC 2025 Annual Review: Incident Volume and Impact

The UK National Cyber Security Centre (NCSC) published its annual review for 2025, offering insight into the scale and severity of incidents handled over the past year. In total, the NCSC responded to more than 429 cybersecurity incidents.

Of these, 204 were classified as nationally significant, a sharp increase from 89 in 2024. Eighteen incidents were deemed highly significant, representing attacks with substantial operational, economic, or societal impact. These included well-publicised incidents affecting major organisations such as Jaguar Land Rover and Marks & Spencer.

The report underscores a clear trend: while organisations may not experience constant crisis, the incidents that do occur are increasingly disruptive. The NCSC’s leadership described cybersecurity as a matter of business survival, reflecting how deeply digital systems are now embedded in core operations.

Alongside the review, the NCSC also released new tools aimed primarily at smaller organisations. These tools are designed to help identify security gaps, highlight weaknesses, and provide guidance on improving baseline cyber maturity.

CEO Survey Highlights Shift from Ransomware to Fraud and Identity Abuse

A separate report from the World Economic Forum (WEF) examined survey responses from CEOs across multiple industries and regions. One of the more notable findings was a reported increase in fraud-related incidents alongside a perceived decline in ransomware attacks.

This shift aligns with broader industry observations. Improvements in endpoint detection and response capabilities have made large-scale ransomware encryption more difficult to execute without early detection. As a result, attackers are increasingly focusing on identity compromise, data theft, and extortion without encryption.

Rather than encrypting systems, attackers are extracting sensitive data or abusing compromised identities to impersonate trusted users. These techniques reduce visibility, prolong dwell time, and often bypass controls designed to detect traditional ransomware activity.

Supply Chain Cyber Risk and Persistent Visibility Gaps

The World Economic Forum report also highlighted ongoing concerns around supply chain security. Only 27 percent of organisations surveyed indicated that they perform regular cybersecurity maturity assessments on their suppliers.

This lack of visibility creates systemic risk. Organisations may have strong internal controls while remaining exposed through third parties with weaker security postures. Supply chain attacks continue to offer attackers a scalable way to bypass perimeter defences by targeting trusted vendors instead of primary targets.

Improving supplier risk management requires more than contractual assurances. Regular assessments, minimum security standards, and continuous monitoring are increasingly necessary to reduce exposure.

CISA Alert: Critical Hewlett Packard Enterprise Vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding a critical vulnerability affecting Hewlett Packard Enterprise (HPE) software. The flaw allows remote code execution through a REST API endpoint that does not require authentication.

An attacker with network access to the affected system could execute arbitrary code by crafting a specific API request. Given the potential impact, organisations using affected HPE products should review exposure and apply vendor-recommended mitigations without delay.

Key Takeaways for Security Teams

This week’s updates reinforce several consistent themes. High-impact incidents are increasing in severity, even if overall volumes remain manageable. Attackers are shifting away from ransomware toward identity abuse and data-centric extortion. Supply chain risk continues to outpace visibility and governance efforts. Critical vulnerabilities in widely deployed enterprise software remain a persistent threat.

These are not isolated developments. They reflect longer-term changes in how attacks are executed and where organisations remain exposed.

Robert Kehoe

Chief Technology Officer

Robert is CTO at Smarttech247, leading engineering strategy and delivery across cybersecurity products and services. With over 15 years’ experience in software and security, and CISSP certified, he has led large-scale cloud and security initiatives, including Cloud Protection for Salesforce. Robert focuses on measurable customer outcomes and building empowered, high-performing engineering teams.
