In its 2025 Annual Review, the UK’s National Cyber Security Centre (NCSC) issued one of its clearest warnings to date: organisations must prepare for a day when their screens go dark. This really is a realistic scenario in which critical systems fail, operations grind to a halt, and leadership teams are forced to confront the question: could we still function if our IT went offline today?
The NCSC’s message cuts deep in the national cyber conversation. We all know that in cyber, it’s no longer about avoiding every possible breach. The conversation is now about ensuring that when disruption happens, and unfortunately it will, your business can respond, recover, and continue to operate.
The Reality: Attacks Are Rising, and They’re More Disruptive
The NCSC handled 429 cyber incidents over the past year, with 204 classed as “nationally significant” and 18 deemed “highly significant.” That’s roughly four major cyberattacks every week in the UK, double the volume of last year.
These are no longer isolated technical issues but real-world disruptions that bring business operations to a standstill. Attacks in recent months have halted supply chains, shut down payroll systems, and even forced hospitals to revert to manual processes. As NCSC CEO Dr Richard Horne put it:
“Cyber security is now a matter of business survival and national resilience.”
That phrase “business survival” is critical. Cyberattacks have evolved from IT issues into full-scale business continuity crises that can shut down entire organisations within hours.
From the Server Room to the Boardroom
One of the strongest messages from this year’s NCSC review is that cybersecurity can no longer live solely within IT departments. Ministers have written directly to FTSE 350 firms to demand that boards take ownership of cyber resilience, integrating it into enterprise risk and governance strategies.
At Core to Cloud, we’ve seen this shift firsthand. The organisations that fare best after an incident are those where leadership treats resilience as a strategic function, not a technical afterthought. The ability to recover, to communicate, coordinate, and make critical decisions when technology fails, starts long before an attack ever happens.
It starts in the boardroom.
Resilience Over Reaction
The NCSC’s guidance echoes what Core to Cloud has long advocated: prevention alone is not enough. Every organisation, no matter how well protected, will face compromise at some point. What matters most is how prepared you are to respond.
That preparation goes beyond having backups or a written incident response plan. It means testing those plans under pressure, in realistic, high-stakes crisis simulations. It means ensuring that operational and executive teams can still function if networks, phones, or cloud services suddenly go offline.
It also means embedding resilience across your ecosystem. Many recent incidents began not with a direct breach, but through a supply chain partner. One weak vendor can quickly become the entry point for a major compromise. Building resilience therefore requires understanding and monitoring every layer of your digital dependencies.
The Changing Threat Landscape
Attackers are becoming more sophisticated by leveraging automation, AI, and social engineering to target both systems and people. Meanwhile, organisations are accelerating digital transformation, expanding cloud footprints and remote operations faster than security teams can adapt.
The result is business’s resilience gap is widening. Many organisations know the risks but struggle to act at pace. The NCSC’s 2025 report warns that complacency is now one of the biggest threats. As one security commentator summarised: “The question isn’t if your screens go dark – it’s how you’ll keep the lights on when they do.”
Building the Capability to Recover
At Core to Cloud, we help organisations address precisely this challenge: not just detecting threats, but building the capability to recover from them. That includes:
- Incident response testing and crisis simulation, to strengthen decision-making under pressure.
- Managed detection and response (MDR), ensuring threats are spotted and contained before they escalate.
- Third-party risk monitoring, identifying vulnerabilities across your wider ecosystem.
- Posture assessments and resilience planning, ensuring your business can continue operating even under duress.
Our approach aligns with the NCSC’s call for proactive, holistic resilience where security is not simply reactive, but operationally integrated and human-led.
Why Acting Now Matters
The cost of inaction has never been greater. We’ve seen attacks take down operations for weeks, damage reputations beyond repair, and even push organisations to closure. Insurance premiums are rising, regulators are tightening expectations, and customers are losing patience with companies that fail to protect their data.
Resilience is no longer a competitive advantage but a fundamental necessity for every organisation. The NCSC’s warning makes clear that the time for incremental improvement has passed. Those who prepare now will not only survive disruption but emerge stronger, more trusted, and more competitive in the face of future threats.
The Bottom Line
The NCSC’s 2025 Annual Review urges preparation, reminding organisations to strengthen their resilience before disruption strikes rather than give in to panic. It challenges every organisation to look beyond prevention and ask a more fundamental question: what happens when prevention fails?
At Core to Cloud, we believe resilience is not just a technical state but a mindset that defines how organisations anticipate and respond to challenges. It’s about readiness, response, and recovery.
When the screens go dark, the organisations that survive are those that have a plan, have already rehearsed what comes next, and whose teams know what their role is.
