Key Takeaway
The UK faces constant cyber-attacks as industries increasingly rely on connected devices and IoT infrastructure, which broadens the set of vulnerabilities that must be addressed. Critical sectors like energy, healthcare, and manufacturing depend on these devices, which often sit outside traditional IT security perimeters, creating blind spots where attackers can operate undetected. Securing the entire network of endpoints, rather than any single device, is essential, prompting calls for board-level focus on cyber resilience. A shift from piecemeal protection to built-in resilience is necessary, emphasizing secure-by-design connectivity and continuous visibility. Additionally, ransomware has evolved into a professionalized ecosystem that exploits vulnerabilities, compromised credentials, or misconfigured appliances, which makes robust security measures necessary.
“It’s no surprise that the UK is under near-constant cyber-attack,” Toby states. “As industries digitize, their most essential functions increasingly rely on connected devices and IoT infrastructure.
“This growing dependence broadens the threat landscape and necessitates a heightened level of vigilance, along with an acknowledgment of the vulnerabilities that can no longer be overlooked.
“From energy and healthcare to retail and manufacturing, connected devices now serve as the backbone of daily operations. They manage heating and power, monitor patients, and optimize production lines. Yet many remain outside traditional IT perimeters, creating blind spots where attackers can operate undetected.
“With thousands or even millions of endpoints across supply chains, the challenge lies not in securing a single device but in safeguarding the entire network that links them. The government is correct to emphasize board-level attention—cyber resilience has become a strategic necessity.
“Our approach to IoT security must shift from fragmented protection to integrated resilience. Secure-by-design connectivity, bolstered by robust authentication, anomaly detection, and continuous visibility, ensures that every device on a network is identifiable and shielded from compromise.
“This is the only sustainable method to protect the UK’s connected economy from the large-scale disruptions that the NCSC is warning about.”
Pierre Noel, Field CISO EMEA at Expel, adds: “Ransomware has quickly transformed from opportunistic encryption attacks into highly professionalized ecosystems. Today, ransomware groups function like SaaS businesses, complete with subscription tiers, dashboards, and user support. They exploit vulnerabilities, compromised credentials, or misconfigured appliances.



