Three local authorities leading the Active Cyber Defence Charge

Figures released by the National Cyber Security Centre (NCSC) have revealed that its Active Cyber Defence (ACD) initiative, which was launched one year ago, is proving successful.

The figures from Active Cyber Defence – One Year On show that three local authorities are among the organisations best defending themselves from online scams.

Four pioneering ACD programmes are available – Web Check, DMARC, Public Sector DNS and a takedown service – and form part of the National Cyber Security Strategy to improve basic cyber security by disrupting commodity cyberattacks that affect UK citizens.

The technology, which is free at the point of use, improves defence against threats by blocking fake emails, removing phishing attacks and stopping public sector systems veering onto malicious servers.

Key findings from Active Cyber Defence – One Year On show that since the ACD was introduced:

  • UK share of visible global phishing attacks dropped from 5.3% (June 2016) to 3.1% (Nov 2017)
  • removed 121,479 phishing sites hosted in the UK – and 18,067 worldwide spoofing UK government
  • takedown availability times for sites spoofing government brands down from 42 hours to 10 hours
  • a dramatic drop of scam emails from bogus ‘’ accounts (total of 515,658 rejected in year)
  • average 4.5 million malicious emails per month blocked from reaching users (peak 30.3m in June)
  • more than 1 million security scans and 7 million security tests carried out on public sector websites

The report lists scam domains promoted by phishing emails that have now been removed, such as, and and shares examples of real phishing emails they have prevented from being delivered.

It also puts on record the 10 most spoofed government brands in the year, with HMRC the most targeted with 16,064 fake websites taken down. Also in the list are the DVLA, the Student Loans Company and the Crown Prosecution Service.

The report also breaks down the brands which have been most successfully protected from criminals for each month. Amongst the organisations best defending themselves from spoof attempts thanks to implementing ACD are local authorities such as Northumberland County Council (59,405 attempts in August), Cardiff Council (31,728 in December) and Denbighshire County Council (25,627 in May).

Dr Ian Levy, Technical Director of the NCSC, said: “Through the National Cyber Security Centre, the UK has taken a unique approach that is bold and interventionalist, aiming to make the UK an unattractive target to criminals or nation states.

“The ACD programme intends to increase our cyber adversaries’ risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks.

“The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.

“Our measures seem to already be having a great security benefit – we now need to incentivise others to do similar things to scale up the benefits to best protect the UK from commodity cyber attacks in a measurable way.”

Dr Levy continued: “This report shows that simple things, done at scale, can have a positive and measurable effect and the British UK public should be safer as a result of these measures.

“As these measures are scaled up, people should be asked less often to do impossible things, like judge whether an email or website is good or bad, less often.

“The NCSC has committed to being transparent and publishing data. We think the results here show that the first year of our Active Cyber Defence programme have been successful – and the following years will be really interesting.”

You can read the full report here:

Related reading