BT Has Now Blocked over a Billion Clicks to Malicious Websites, Says NCSC

The UK’s National Cyber Security Centre (NCSC) has turned its Share and Defend programme into a powerful shield for telecom customers. By feeding real‑time malicious‑site alerts to BT, EE and other operators, the scheme has already intercepted more than a billion dangerous clicks. The protective layer covers 46 million mobile users and 12 million fixed‑line subscribers, illustrating how large‑scale threat intelligence can be operationalised at the network edge to stop phishing, malware and ransomware before they reach end‑users.

Share and Defend’s strength lies in its hybrid data sources. It combines NCSC‑curated threat feeds, private sector contributions, and takedown notices generated by Netcraft and other partners. The Protective Domain Name Service, hosted by Cloudflare and Accenture, intercepts DNS queries for known bad domains, effectively cutting off access at the routing level. This multi‑vector approach gives telcos the flexibility to block only the most severe threats, aligning security actions with their own risk appetites while preserving legitimate traffic.

Looking ahead, the NCSC aims to broaden participation beyond the current roster of BT, EE, Vodafone Three, PXC and the Janet network operator Jsic. Wider adoption could create a de‑facto national firewall for malicious web content, raising the baseline of cyber hygiene across the UK’s digital ecosystem. For other markets, the model offers a template: combine government‑backed intelligence with private‑sector delivery mechanisms to achieve scalable, low‑latency protection for millions of users without imposing heavy on‑premise solutions.