UK Security Chief Warns of Escalating State-Backed Cyber Threats as Geopolitical Risks Intensify
The National Cyber Security Centre says Britain must prepare for a growing wave of sophisticated cyberattacks driven by hostile states, alongside rising risks from AI-enabled hacking
The United Kingdom must prepare for a sustained rise in cyberattacks linked to hostile nation states, the country’s top cybersecurity official has warned, as authorities highlight an increasingly volatile digital threat landscape shaped by geopolitics and rapid advances in artificial intelligence.
Richard Horne, chief executive of the National Cyber Security Centre, said that the most serious cyber incidents affecting the UK are now overwhelmingly connected to state-backed actors rather than conventional criminal groups.
Speaking at a major cybersecurity conference in Glasgow, he described a “perfect storm” of technological change and geopolitical tension that is reshaping the scale and sophistication of cyber threats facing critical infrastructure.
According to the agency, the UK currently handles around four nationally significant cyber incidents each week on average.
While ransomware remains the most common form of cybercrime affecting businesses, the most consequential attacks are increasingly attributed to nation states, including China, Russia, and Iran, which are assessed to possess advanced capabilities and strategic intent.
The warning comes amid evidence of a broader pattern of hostile cyber activity targeting essential services across Europe, with public utilities, communications systems, and industrial networks frequently identified as potential targets.
Officials say such operations are often designed not only to steal data but also to disrupt economic activity and test resilience in critical systems.
A growing concern highlighted by security leaders is the accelerating role of artificial intelligence in cyber operations.
AI tools are increasingly being used to identify vulnerabilities at speed and scale, lowering the barrier for sophisticated attacks.
While officials note that these same technologies could strengthen defensive capabilities, they also warn that adversaries are rapidly integrating AI into offensive cyber strategies.
Alongside the threat assessment, the UK government has urged closer collaboration between the technology sector and public institutions to strengthen national defences.
Additional investment has been pledged to improve cyber resilience across both large organisations and smaller businesses, with a focus on developing AI-enabled defensive systems and improving incident response capacity.
Security officials have also stressed that geopolitical instability is directly influencing the cyber domain, with hostile actors believed to be more willing to deploy disruptive operations during periods of international tension.
This has led to heightened concern that future conflicts could increasingly extend into digital infrastructure, blurring the line between traditional warfare and cyber operations.
Authorities say the overall trajectory of the threat environment demands a fundamental shift in how organisations approach cybersecurity, with greater emphasis on resilience, continuous monitoring, and integration of security into core operational planning.
Richard Horne, chief executive of the National Cyber Security Centre, said that the most serious cyber incidents affecting the UK are now overwhelmingly connected to state-backed actors rather than conventional criminal groups.
Speaking at a major cybersecurity conference in Glasgow, he described a “perfect storm” of technological change and geopolitical tension that is reshaping the scale and sophistication of cyber threats facing critical infrastructure.
According to the agency, the UK currently handles around four nationally significant cyber incidents each week on average.
While ransomware remains the most common form of cybercrime affecting businesses, the most consequential attacks are increasingly attributed to nation states, including China, Russia, and Iran, which are assessed to possess advanced capabilities and strategic intent.
The warning comes amid evidence of a broader pattern of hostile cyber activity targeting essential services across Europe, with public utilities, communications systems, and industrial networks frequently identified as potential targets.
Officials say such operations are often designed not only to steal data but also to disrupt economic activity and test resilience in critical systems.
A growing concern highlighted by security leaders is the accelerating role of artificial intelligence in cyber operations.
AI tools are increasingly being used to identify vulnerabilities at speed and scale, lowering the barrier for sophisticated attacks.
While officials note that these same technologies could strengthen defensive capabilities, they also warn that adversaries are rapidly integrating AI into offensive cyber strategies.
Alongside the threat assessment, the UK government has urged closer collaboration between the technology sector and public institutions to strengthen national defences.
Additional investment has been pledged to improve cyber resilience across both large organisations and smaller businesses, with a focus on developing AI-enabled defensive systems and improving incident response capacity.
Security officials have also stressed that geopolitical instability is directly influencing the cyber domain, with hostile actors believed to be more willing to deploy disruptive operations during periods of international tension.
This has led to heightened concern that future conflicts could increasingly extend into digital infrastructure, blurring the line between traditional warfare and cyber operations.
Authorities say the overall trajectory of the threat environment demands a fundamental shift in how organisations approach cybersecurity, with greater emphasis on resilience, continuous monitoring, and integration of security into core operational planning.
