i Table of contents 164

NCC Group plc annual report and accounts for the year ended…

OT/IT Cyber Safety Webinar series Between December 2024 and February 2025, NCC Group’s OT/IT Cyber Safety Webinar series explored the critical intersection of IT and OT cyber security convergence and the safety considerations in industrial environments, addressing the unique challenges and opportunities that arise when legacy operational technologies meet modern digital systems amid rising cyber threats.

Watch our YouTube video series here: tinyurl.com/4c6s96tm

The NCC Group Cyber Security regulations maturity curve

Inflection point: the future trajectory is yet to be set in stone Inflection point: the future trajectory is yet to be set in stone Continued increase of volume of cyber rules and regulations, e.g. ransomware payment bans, mandating Cyber Essentials, etc. Continued increase of volume of cyber rules and regulations, e.g. ransomware payment bans, mandating Cyber Essentials, etc.

Commencement of enforcement actions Commencement of enforcement actions

Political recognition of market failure in Cyber Security Political recognition of market failure in Cyber Security

Period of heightened legislative and regulatory activity to “make up for lost ground” Period of heightened legislative and regulatory activity to “make up for lost ground”

Scattered Spider Scattered Spider

UK Cyber Security and Resilience Bill UK Cyber Security and Resilience Bill

Synnovis Synnovis EU Cyber Resilience Act EU Cyber Resilience Act

Regulatory settlement or equilibrium as cyber rules reach saturation, and increased mandated baseline forms part of “cyber toolbox” in 21st century increased mandated baseline forms part of “cyber toolbox” in 21st century Regulatory settlement or equilibrium as cyber rules reach saturation, and

EU NIS2 EU NIS2

Australia Cybersecurity Act Australia Cybersecurity Act

UK Product Security UK Product Security and Telecoms Infrastructure Act and Telecoms Infrastructure Act

US sector regulations US sector regulations UK Telecoms Security Act UK Telecoms Security Act

Australia Security of Critical Infrastructure Act Singapore Cybersecurity Act Singapore Cybersecurity Act Australia Security of Critical Infrastructure Act

EU Cybersecurity Act EU Cybersecurity Act

Reduction in regulatory requirements in the name of growth, competitiveness and innovation Reduction in regulatory requirements in the name of growth, competitiveness and innovation

EU NIS EU GDPR EU NIS EU GDPR

WannaCry NotPetya WannaCry NotPetya

2017 2017

2018 2018

2019 2019

2020 2020

2021 2021

2022 2022

2023 2023

2024 2024

2025 2025

Key Key

© 2025 NCC Group. All rights reserved. Please see www.nccgroup.com for further details. No reproduction is permitted in whole or part without written permission of NCC Group. This content is for general purposes only and should not be used as a substitute for consultation with professional advisers.

Legislative intervention Legislative intervention

NCC Group’s 1000+ respondent survey reveals the critical issues driving supply chain security in 2025 68% of organisations expect the severity and scale of supply chain attacks to escalate further

Lastly, the attack surface is expanding, with cloud migrations accelerating, SaaS proliferation and AI adoption continuing, and early discussions ongoing regarding the implications of quantum computing. Each new platform expands the potential for malicious attacks and reinforces the need for security to be embedded earlier into development pipelines. Demand is therefore rising for secure-by-design assessments, supply chain software assurance and MXDR coverage that spans traditional IT, cloud and OT environments. The breadth of clients we serve across industries, geographies and IT and OT environments has allowed us to build unique IP to help clients secure this expanding attack surface.

© 2025 NCC Group. All rights reserved. Please see www.nccgroup.com for further details. No reproduction is permitted in whole or part without written permission of NCC Group. This content is for general purposes only and should not be used as a substitute for consultation with professional advisers. © 2025 NCC Group. All rights reserved. Please see www.nccgroup.com for further details. No reproduction is permitted in whole or part without written permission of NCC Group. This content is for general purposes only and should not be used as a substitute for consultation with professional advisers.

45% experienced a cyber security breach in the prior 12 months 59% were concerned about visibility over their supply chain

Read more: www.nccgroup.com/the-state-of-supply-chain-security

NCC Group plc — Annual report and accounts for the year ended 30 September 2025 11

Made with FlippingBook Online newsletter maker