2026 marks ten years of Netcraft and the UK’s National Cyber Security Centre working together to detect and disrupt cyber threats targeting the UK.
This partnership spans from the launch of NCSC in 2016 through to its Active Cyber Defencee 2.0 evolution in 2026. Over the past year, working with the NCSC, Netcraft carried out 1.2 million takedowns, with more than 50% of phishing URLs being removed within one hour.
Netcraft’s platform covers detection and takedown of a broader range of commodity cyber threats that impact the UK, including exposed web shells on compromised UK web servers, malware C2 infrastructure, fraudulent ecommerce sites targeting UK consumers. It also powers the Suspicious URL Reporting Service.
This sustained pressure, driven by rapid and effective takedown, has contributed to the proportion of global phishing URLs hosted in the UK falling from 5% in 2016 to 1– 2% today.
Earlier this year, Netcraft began to deliver the NCSC Proactive Notifications Service, part of ACD 2.0. Combining carefully designed, timely vulnerability detection across the UK internet attack surface with proactive outreach to reduce time to patch. Once a vulnerability is confirmed, Netcraft reports the issue to system owners to help them protect their services.
To reach them, we use Netcraft’s established notification network across the internet infrastructure industry to contact unenrolled system operators. This complements NCSC’s Early Warning service that already alerts registered organisations to threats observed on their networks.
Netcraft will be presenting on this topic at CyberUK 2026 in Glasgow in a joint session with NCSC at midday on Thursday covering our experimental design, metrics to quantify progress so far, and strategies to continue innovation and disruption for many more years to come.
