NCSC blocked over 600 cyber attacks against UK businesses in 2019

Agency's third annual report highlights ongoing threat of malicious nation-state actors

The UK's national cyber security agency has said it defended against 658 cyber attacks against UK businesses and organisations over the past year.

The figures came as part of the NCSC's annual review, which looked at the organisation's work between 1 September 2018 and 31 August 2019. Since forming in 2016, the latest figures now bring the total number of thwarted attacks against UK targets to 1,800, with a large number of those coming from malicious state actors.

One of its first major projects of 2019 was supporting the joint efforts of the UK and Dutch government's to expose Russia's military intelligence agency, the GRU, which was conducting cyber attacks on political institutions, businesses, media and sporting organisations.

As part of its work, the NCSC said it also took down 177,335 phishing URLs over the last year. As a result, the country's share of visible phishing websites is now down to just 2% as of August 2019.

The agency said it aims to develop, operate and maintain world-class technical security capabilities to counter these threats from the country's most capable adversaries.

"We've made great progress on making the UK safer since launching our world-leading 1.9 billion cyber security strategy in 2015," said Minister for the Cabinet Office Oliver Dowden. "Establishing the NCSC was a key part of this and has played a central role in tackling online threats posed by criminals, hacktivists and hostile nation states."

NCSC chief executive Ciaran Martin said the review "gives a real insight into the breadth of outstanding work done by the NCSC and underlines why we are a world leader in cyber security".

"From handling more than 600 incidents many from hostile nation states to equipping the public with the tools they need to stay safe online, we are employing our expertise on a number of fronts. I am proud to lead this organisation and optimistic that, in a constantly evolving landscape, we can help make this the safest country to live and work online."


NCSC took down 177,335 phishing URLs over the course of the year with 62.4% of those removed within 24 hours. As of August 2019, the UK's share of these attacks has been reduced to 2%.

Part of the NCSC's strategy for reducing cyber attacks is realised through its 'Active Cyber Defence (ACD)' initiative that empowers businesses and organisations to take more responsibility with cyber security.

"The ultimate goal for Active Cyber Defence is for there to be fewer cyber attacks in the world, causing less harm," the report said. "It represents a significant step-change in the country's approach to cyber security, because of its voluntary, non-regulatory, non-statutory approach delivered in partnership with central government, local government and business."

In 2016, HMRC was the 16th most targeted organisation in the world for phishing scams, according to the report. In Sept 2019, as a result of ACD services and HMRC's own countermeasures, its ranking had dropped to 126.

Hostile states

Since it formed in 2016, the NCSC says it has handled almost 1,800 cyber attacks with 658 of those taking place between 1 September 2018 to 31 August 2019. It also says that a significant number of these have come from hostile nations state actors, such as Russia, China, Iran and North Korea.

The NCSC said it knows more than ever before about its cyber foes thanks to its network of international partners. Last year, the organisation's CEO Ciaran Martin said that the UK had yet to see any major attack from a state-sponsored actor, but warned that a "category one attack" was coming.

The most famous of these state actors is the group known as APT28, or Fancy Bear, which has been linked to many high profile incidents in recent years, such as the cyber attack on the 2018 Winter Olympics, the massive power outage to the Ukranian city Kiev and most notoriously, it's alleged involvement in the 2016 US presidential elections.

Card Fraud

The NCSC thwarted more than one million cases of suspected payment card fraud in its third year. This was done through 'Operation Haulster' which sought to uncover which payment cards were being targeted by online fraudsters.

"Where payment fraud was historically driven by card cloning, it has since migrated to transactions where the card does not need to be present, such as online purchases," said Caroline Hermon, head of AI at SAS UK & Ireland. "While it is true that this provides the customer with a more seamless experience, it also aids fraudsters by helping them access funds through illicit transactions and gives banks less time to detect fraudulent activity."

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Most Popular

Dell XPS 15 (2021) review: The best just got better

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
UK businesses urged to join four-day working week trial
Business operations

UK businesses urged to join four-day working week trial

17 Jan 2022