Mastek Blog

From Breach to Resilience: What the UK’s Latest Cyber Threats and CAF 4.0 Mean for Your Business

22-Oct-2025 04:52:12 / by Siddharth Venkataraman


This week, the UK’s National Cyber Security Centre (NCSC) released its latest Annual Review, offering critical insights into the evolving threat landscape. The message is clear: cybersecurity has outgrown the server room. It’s now a boardroom and national security issue — one that directly impacts economic stability, critical infrastructure, and citizen trust. This blog breaks down the NCSC’s key insights, highlights what’s changed in CAF 4.0, and outlines what business and security leaders should prioritise to stay ahead of increasingly sophisticated threats.

Increasing Threat Landscape

In the past year, the NCSC reported 429 incidents, of which 48% were nationally significant; 18 were classified as highly significant, a 50% increase compared with the previous year. For context, a highly significant incident is a successful cyber-attack that has a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy, such as this year’s incidents affecting retailers and auto manufacturers in the UK.


Nation-state attacks are originating from China (Flax Typhoon), Russia (Authentic Antics malware), DPRK and Iran, while ransomware has become the most pervasive cyber threat, with LockBit the most deployed strain globally.

While threat actors use AI and Large Language Models (LLMs) to enhance their Tactics, Techniques & Procedures (TTPs), vulnerability research and exploit deployment, AI is also leading defensive and detection efforts to keep up with the rapid increase in volumes. The NCSC has given specific focus to Critical National Infrastructure (CNI) such as ports and utility networks, with central and local government and the NHS becoming targets for disruption and espionage.

NCSC’s Key Recommendations for Operational Resilience:

Engineering cyber resilience into operations is key, and there is no single silver bullet for cyber security. However, the NCSC outlines a pragmatic, multi-layered approach to ensuring cyber resilience:

  • Get immutable backups in place and test for disaster recovery scenarios
  • Organizations usually have a flat hierarchy. Lock it down using an endpoint privilege manager and network segregation through micro-segmentation techniques
  • Apply the need-to-know principle and the principle of least privilege; integrate IGA and PAM
  • Increase observability and monitoring with automated response actions, use agentic AI for cyber response, and predict attacks with dark web monitoring
  • Bring in phishing-resistant FIDO MFA technologies for secure authentication
  • Get ready to migrate to post-quantum cryptography, as the target date is 2028
  • Secure AI systems while applying CAF 4.0; perform risk assessments leveraging FAIR model assessments to measure your resilience and ensure benchmarking against peer groups
  • Vulnerability management with focus on forgivable vs unforgivable vulnerabilities

The NCSC’s Cyber Assessment Framework (CAF) 4.0, released in August 2025, reflects a decisive shift toward operational resilience and continuous assurance. It introduces over 100 new Indicators of Good Practice (IGPs) and strengthens expectations across key domains, from risk-based vulnerability management and red teaming to AI risk governance and third-party assurance.

CAF 4.0 explicitly encourages organisations to move beyond compliance checklists and instead validate their ability to detect, withstand, and recover from real-world attacks. By embedding continuous threat exposure management (CTEM), scenario-based testing, and board-level accountability, the framework directly addresses the threats outlined in the NCSC’s latest review — from AI-enabled cybercrime to ransomware and critical infrastructure targeting.

How can Mastek help?

Mastek provides end-to-end cyber security services, from consulting assessments, cyber engineering and implementation services to managed support services, covering IDENTIFY | PROTECT | DETECT | RESPOND | RECOVER, with attack simulations at both the technical and the board level for enterprises. We have been supporting the UK’s central government in secure implementations and engineering. Reach out to us here.

Topics: cybersecurity


Written by Siddharth Venkataraman

A cybersecurity consultant and sales leader with over 17 years of experience, Siddharth has consistently driven strategic outcomes for global clients across Europe, the UK, and Asia. Specializing in cyber risk advisory, Identity Security, Governance & Data Privacy & Protection Compliance, and platform-based managed services, he blends deep technical insight with strong business acumen to advise CISOs and senior stakeholders on building resilient cyber programs. Siddharth believes in consultative, value-led engagements that align cybersecurity investments to business impact. He specializes in identifying maturity gaps, building security transformation roadmaps, and enabling rapid scale-up through partner ecosystems. His core competencies include:

  • Cybersecurity Strategy & Risk Consulting (NIST, ISO 27001, DORA)
  • Platform-based Managed Services (MDR, PAM, IGA, Vulnerability Management)
  • Zero Trust Architecture
  • GDPR, Data Privacy Program Design & Assessments
  • SOC Transformation
  • Continuous Threat Exposure Management (CTEM)
  • Consultative Solutioning & Cyber Tech Refresh & Consolidation
