Over 1,000 cybersecurity incidents were reported to GCHQ's National Cyber Security Centre (NCSC) in its first year of operation, amounting to more than two significant attacks every day, with over half representing a significant threat, the organization said in an annual review published October 3.
A colossal 590 significant attacks were included in the 1,131 total. Over 30 required a response from the government, although none were classed as "category one" — involving disruption of government or targeting critical infrastructure such as energy.
Significant attacks recorded over the year included incidents targeting the National Health Service (NHS), the House of Commons and the Scottish Parliament, as well as large and small businesses, amongst other organizations.
In the case of the NHS, category two attack WannaCry crippled the organization, reducing it temporarily to an operation run via pen and paper, and threatening lives in the process. This devastating instance has prompted professionals to consider the possibility of an even worse attack.
NCSC Chief Ciaran Martin said the 2017 Annual Review indicated progress in working with government, industry and citizens, but conceded much more needed to be done, as the cyber threat was "large, growing and diverse."
"We are proud of what we have achieved in our first 12 months, but there is so much more to do in the years ahead to counter this threat to our values, prosperity and way of life," Martin stated.
He added the NCSC's work to date included producing over 200,000 protective items for military communications, supporting the Cabinet Office in improving security for government organizations and the Home Office in developing a next-generation emergency services network.
NCSC initiatives to help private sector organisations better protect themselves have seen the average lifetime for phishing sites hosted in the UK drop from 27 hours to under an hour, and the NCSC's information-sharing platform with industry, the Cyber Security Information Sharing Partnership (CSISP) grew 43 percent over the year, while 1,000 young people took advantage of the NCSC's CyberFirst courses.
The NCSC report follows mere weeks after the agency's Technical Director Dr. Ian Levy predicted a massive category one attack would hit the UK before 2022, which would necessitate a major, global reaction.
Major attacks, such as WannaCry, have greatly raised awareness among politicians, big business and the public about the threat of cyber strikes, although this vital development may have come too late.
In August, a survey commissioned by the British government revealed a mere one in ten companies quoted on the FTSE 350 stock exchange index do not have a response plan for a cyberattack.
In May 2018, a new Data Protection Bill is due to come into effect, introducing greater responsibilities for firms and charities in respect of protecting confidential data.