October 2025: UK cyber incidents surge — what your business must do now

If your leadership team needed a nudge to prioritise cyber resilience, October 2025 delivered it. The UK’s National Cyber Security Centre (NCSC) reports a record rise in serious attacks over the last year, with 204 nationally significant incidents between September 2024 and August 2025 — up from 89 the previous year (a ~130% increase). NCSC+1

That spike isn’t abstract. Government briefings and business press in mid-October warned boards to treat cyber as a core operational risk, noting the disruption to well-known brands and the cascading impact on supply chains and smaller vendors. Reuters

At the same time, the physical-digital perimeter is shifting. Police forces expanded live facial recognition deployments at large-footfall sites and events this month, highlighting how identity assurance and privacy considerations are converging with corporate security planning (e.g., retail, stadiums, travel hubs). gmp.police.uk+1

Meanwhile, for venues and customer-facing sites, Martyn’s Law (the Terrorism (Protection of Premises) Act 2025) is now on the statute book, with sector guidance still rolling out — making October a smart moment to align cyber and physical readiness under one governance umbrella. Legislation.gov.uk+1

What this means for UK organisations (action plan you can start this week)

1. Board-level ownership & testing

   • Put cyber on the risk register with defined RTO/RPO targets and run a tabletop exercise that includes third-party outage scenarios (the pattern behind many of 2024/25’s biggest disruptions). Reuters

2. Ransomware & data exfiltration playbook

   • Pre-agree decision trees (isolation, recovery, comms, law-enforcement liaison) and validate that offline, immutable backups are actually restorable within your RTO. The NCSC’s review highlights the scale and severity trend; assume breach and drill. NCSC

3. Supplier risk hardening

   • Map critical vendors (including “small but vital” suppliers), enforce minimum controls (MFA, patch SLAs, logging), and require incident notification clauses. Government warnings this month singled out supply-chain fragility. Reuters

4. Identity & access

   • Tighten privileged access with just-in-time elevation and conditional access. If your sites intersect with public spaces or events, review privacy impact assessments in light of expanding facial recognition policing nearby. Coordinate CCTV, data retention, and signage with legal counsel. ITVX

5. Threat-led protection for venues (Martyn’s Law)

   • If you operate premises in scope, start gap-closing now: proportionate risk assessments, staff training for incident response, and clear evacuation/comms procedures — and make sure your cyber dependency (e.g., access control, PA systems, Wi-Fi) is part of that plan. GOV.UK+1

6. Report, learn, iterate

   • Plug into official guidance updates and sector-specific advisories as NCSC publishes more detail post-review. Treat October’s figures as a baseline for continuous improvement, not a one-off scare. NCSC

October 2025’s data confirms what many teams are feeling — attacks are more frequent, more disruptive, and more connected across cyber and physical domains. Executives who act now on governance, supplier assurance, and incident readiness will weather the next wave far better than those waiting for perfect certainty. NCSC+1