UK cyberattacks: NCSC warns state actors including Russia, China and Iran are the gravest threat
NCSC warns UK cyberattacks by Russia, China and Iran are increasing in scale and sophistication; businesses urged to strengthen defenses as incidents surge.
The head of Britain’s National Cyber Security Centre warned Wednesday that the most serious cyberattacks on the UK are increasingly the work of hostile states, and urged companies to prepare for sustained, large-scale digital aggression. Richard Horne, director of the NCSC, told delegates at the CyberUK conference in Glasgow that while cybercrime remains common, the greatest dangers now stem from nation-state activity. He said the scale, sophistication and frequency of incidents demand action from government and industry alike.
NCSC reports rise in nationally significant incidents
The NCSC is managing a steady flow of serious cyber events, Horne said, estimating roughly four nationally significant incidents each week. U.K. security officials reported that the centre handled more than 200 such incidents in the past year, a sharp rise compared with previous years. Those figures underline a trend the agency links to heightened geopolitical tensions and expanding cyber tools deployed by state-backed groups.
State actors identified as primary threat sources
Horne singled out Russia, China and Iran as the primary sources of the most consequential attacks affecting the U.K. and Europe. He described Chinese military and intelligence cyber operations as highly sophisticated, and said Iran appears to employ cyber tools to target individuals and communities abroad for political repression. Russian operations, officials warn, display techniques refined in Ukraine and are now being adapted for use beyond the battlefield against Western targets.
European infrastructure incidents cited as warning signs
Recent intrusions against critical infrastructure across Europe were highlighted as evidence of the growing danger. Authorities in Sweden, Poland, Denmark and Norway have attributed disruptive hacks to actors linked to Russian services, with targets including heating plants, water utilities and dams. Western officials have catalogued more than 150 incidents of disruption and sabotage tied to Russian state or proxy activity since early 2022, raising concerns about spillover into commercial and civilian networks.
Economic impact and supply-chain vulnerabilities
U.K. ministers stressed the economic dimension of cyber operations, warning that attacks on logistics and supply chains can quietly erode national resilience. The security minister compared disruptive cyber incidents at major companies to in-person thefts and vandalism that ripple through local economies. He cautioned that in an escalatory conflict scenario, organizations would face attacks they could not resolve simply by paying ransoms, and that business continuity depends on pre-emptive hardening.
Artificial intelligence accelerates attack dynamics
Officials at the conference warned that artificial intelligence is lowering the barrier for sophisticated cyber exploitation by automating discovery of vulnerabilities. Ministers urged AI firms to partner with government to develop targeted programs that help defenders patch weaknesses and simulate adversary methods. The call reflects a broader push to combine private-sector agility with state resources to detect, disrupt and attribute complex campaigns more quickly.
Practical steps for firms and public-sector bodies
Authorities called on companies of all sizes to map critical assets, adopt robust patching and backup regimes, and rehearse incident response plans that anticipate state-level disruption. The NCSC reiterated its role as a central hub for guidance and coordination, offering threat intelligence and technical assistance to bolster resilience. Officials also urged increased information-sharing across industries and closer collaboration with allied governments to track and deter transnational cyber operations.
The warnings delivered in Glasgow underscore a shifting threat environment in which cyberattacks on the UK are increasingly entwined with geopolitical competition. With state-backed actors refining techniques and targeting infrastructure, British businesses and public agencies face a narrowing window to strengthen defences and deepen cooperation before potential crises scale beyond recovery efforts.