NatWest's Battle Against Cyber Threats

NatWest’s Battle Against Cyber Threats

May 15, 2025

Mark Fermor

NatWest has over 100 million Cyber attacks happening every month, according to Chris Ulliott, the Head of Cyber Security

Speaking to Members of the Scottish Parliament, Ulliott revealed that the UK bank is forced to block around a third of every email it receives because it is suspected of being an attack vector. That’s not spam, that’s not tactical weapons, not designed to breach staff accounts, steal credentials, and gain footholds within one of Britain’s most vital financial networks.

And yet, despite having its hundreds of cyber employees and its multi-million-pound defence budget, NatWest is just about holding on.

The Landscape Has Changed. Has Your Business?

The new cyber threat environment isn’t a question of raw numbers. It’s industrialised, automated, and now driven increasingly by generative AI. Ulliott warned that groups of threat actors, such as Scattered Spider, which is charged in the latest Marks & Spencer breach, are loose groups of young, technology-savvy players playing in real-time through web forums, taking advantage of capabilities once reserved for nation-states.

If this type of mature bank is driven into a constant cyber war, what is left for the rest of us?

Don’t Just Build Bigger Walls — Take Away the Target

The instinct is to spend money on more tools, more watches, more alerts. But as attacks multiply and accelerate faster than budgets and personnel can keep pace, there’s a more primitive question to ask:

Why are our most critical systems always still connected online?

Isolation is not an afterthought. It’s the control layer that most companies don’t have.

Whether core backups, identity stores, SCADA systems, or contract archives, if it doesn’t need to be online, chances are it shouldn’t be.

The Move Towards Physical Isolation

More and more organisations are exploring physical network separation as a component of their cyber resilience plan. While software segmentation is spoofable or misconfigurable, physical separation creates a situation that attackers just can’t see, much less reach.

Solutions like FireBreak™, which provide remote, immediate, non-IP-based separation, are creeping into the new control lever for boards and CISOs who desire certainty, not just mitigation.

Because the most secure system is the one that’s not even there, until you need it.

If NatWest requires millions to ride out the digital storm, maybe survival doesn’t need to be based on being online all the time.

→ Learn how disconnection is security

Tags :

Cybersecurity, News