Over 5 million suspicious emails reported to the NCSC in the last 12 months

On the 18th November, the National Cyber Security Centre published their annual Review for 2021 – outlining the real world impact that we have delivered over the last 12 months.


The cyber threat to the UK and its allies continued to grow and evolve this year: from indiscriminate phishing scams against mass victims, to ransomware attacks against public and private organisations, to targeted hostile acts against critical national infrastructure and government.


While the threats came from a range of actors using an array of methods, they had one thing in common; they led to real-world impact. Life savings were stolen, critical and sensitive data was compromised, healthcare and public services were disrupted, and food and energy supplies were affected.


In the past 12 months the NCSC continued, in partnership with law enforcement, to monitor, counter and mitigate the threat, whether committed by sophisticated state actors, organised criminal groups or low-level offenders.


This review of its fifth year looks at some of the key developments and highlights between 1 September 2020 and 31 August 2021. As part of a national security agency not all its work can be disclosed publicly but the review seeks to describe the year with insights and facts from colleagues inside and outside of the organisation.


The NCSC led the national response to an unprecedented 777 incidents, with around 20% of these organisations linked to the health and vaccine sector. The growth in the number of incidents we handled is partly reflected by our ongoing work to proactively identify and mitigate risks.


Over the last 12 months, staff in the health sector and vaccine production have been protected from unintentionally accessing malicious domains through the NCSC's Protective Domain Name System service – blocking 4.4 billion potentially harmful interactions.


For example, the NCSC helped the University of Oxford’s Covid-19 vaccine researchers protect themselves from an attempted ransomware attempt with the potential to cause significant disruption to the UK’s pandemic response.


Through our Active Cyber Defence (ACD) services, we have continued to deliver services to protect the British public and organisations at scale. The Suspicious Email Reporting Service (SERS) has continued to be a success – with the British public reporting concerning emails to report@phishing.gov.uk more than 5 million times, directly leading to the removal of more than 53,000 scams and 96,500 URLs.


Overall, our ACD services have taken down 2.3 million cyber-enabled commodity campaigns, 442 phishing campaigns using NHS branding, and 80 illegitimate NHS apps hosted and available to download outside of official app stores.


The full report is available to read here.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.