The UK's National Cyber Security Centre (NCSC) has warned that the country faces an average of four "nationally significant" cyberattacks each week - a sharp 129% increase from the previous year.
Of a total of 429 incidents handled by the NCSC, a record 204 were classified as nationally "significant," and 18 ranked even more seriously as "highly significant" (meaning that they had the potential to have a serious impact on essential services).
In its 2025 annual review, the NCSC highlighted the increased frequency of more serious cyberattacks and the need for organisations to be properly prepared.
"Cyber security is now a matter of business survival and national resilience. With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace," said Dr Richard Horne, Chief Executive of the NCSC.
"The best way to defend against these attacks is for organisations to make themselves as hard a target as possible. That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now."
Obviously, there is an important message here for organisations of all sizes. But I was intrigued by the way one major news outlet reported it.
BBC News presented the story as a claim that the NCSC is suggesting "people should plan for potential cyberattacks by going back to pen and paper."
I was curious to know precisely what the NCSC had to say about that, as I knew it was likely to create further headlines and raise some eyebrows. So, I took a thorough look at the full report from the NCSC.
My findings? Well, although the NCSC in its report does not literally say "put your disaster recovery plans down on paper," it does remind organisations of the value of having crisis materials available should IT systems be forced offline due to a cyberattack. For instance, in Dr Horne's introduction he writes:
"From local coffee shops to providers of critical national infrastructure, every organisation must understand their exposure, build their defences, and have a plan for how they would continue to operate without their IT, (and rebuild that IT at pace) were an attack to get through."
Much later in the report, there is this mention of the value of printed plans while discussing how organisations need to have prepared their crisis response plans:
"Such measures include ensuring availability of crisis response runbooks either digitally or physically on isolated platforms or hardcopy, emergency communication procedures and for physically diverse organisations fall back digital identity."
However, none of those statements explicitly instruct organisations to keep their disaster recovery or business continuity plans in printed paper form.
Does that mean it's a bad idea to have physical copies of your disaster recovery plans available should you suffer a cyber attack? Absolutely not!
Recent high-profile attacks in the UK against the likes of Marks & Spencer, Co-op, and Jaguar Land Rover have resulted in shoppers finding supermarket shelves empty and production lines being halted as firms struggled to restore their IT systems securely.
Over the years, there have been many reports of companies that have suffered a ransomware attack having to use external systems such as WhatsApp to communicate when their own email servers and Slack channels are not accessible.
So, it makes very good sense to have your recovery plans available in paper form or - if they are stored digitally - offline, out of the reach of hackers, as a contingency plan.
One important thing is for businesses to distinguish between backups and resilience.
A backup is reactive. It assumes that systems can be restored to their regular working order once an attack has been repelled and damage contained.
Resilience, however, acknowledges that IT defences will sometimes fail, and the focus is on maintaining business continuity as best as possible despite that failure.
A printed copy of your contingency plans demonstrates that your business is thinking about its resilience. It anticipates the possibility that your company might face a complete digital outage, whether caused by ransomware or a similar cyberattack, or by a containment measure imposed during your firm's response to the incident.
If all IT systems are unavailable—including your email, access to your cloud drives, and collaboration tools—you still need a way to communicate, coordinate, and make decisions. Printed plans that cover your crisis procedures and contact lists may well prove invaluable.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.