Hostile states linked to 75% of cyber attacks affecting UK’s critical systems

Speaking at the Royal United Services Institute’s (RUSI) Annual Security Lecture, Horne stated that upwards of 200 cyber incidents affecting the UK’s CNI and its supporting ecosystem were managed by the NCSC in the year to May 2026, with around 75% of those believed to be linked to state actors.

Horne warned that hostile states, such as Russia, China and Iran, are increasingly targeting the systems that underpin the UK’s essential services, arguing that cyber security should not be treated simply as a risk to be managed, but rather as an ongoing contest with capable adversaries.

In his speech, Horne observed: “This contest is not confined to a compact space. It’s not like a wrestling match in a closely defined territory as some have suggested. It’s far more akin to a football or basketball game, played across a large field of play, where success depends on how you operate across the entire pitch.” 

Horne outlined the need for co-ordinated action across the “near, mid and far” cyber spaces, “the different parts of the environment where we come into contact with our adversaries, with different approaches in each”. He called on “every Board member and every executive in every organisation” to strengthen cyber resilience by focusing on three core capabilities: understanding their exposure to threats, building stronger defences based on proven security fundamentals and ensuring they can continue operating and recover quickly after an attack.

Fundamentals not in place 

In the lecture, Horne said: “We still see far too many significant incidents today that are possible because the fundamentals are not in place. The truth is that, in this great contest, there are no spectators. We are all on the pitch. From Boardrooms to IT Help Desks to sofas at home, the contest is everywhere. If we collectively embrace the contest, understand the urgency and believe that we can be a match for any opponent, then we can – and will – prevail.”

Speaking about the cyber threat in future conflict scenarios, Horne emphasised the urgency of organisations acting now for their own protection. “The many vulnerabilities that organisations tolerate today will be exploited in conflict tomorrow. If they are too expensive or hard to fix in peacetime, then they certainly will be in war. In cyberspace, we are not preparing for tomorrow’s conflicts. To some degree, at least, we are fighting them today.”

The NCSC’s CEO also warned that advances in Artificial Intelligence (AI) are likely to accelerate the threat, with the NCSC assessing that, by 2028, AI-enabled cyber capabilities will likely be used by attackers to exploit known vulnerabilities in legacy technology at scale across CNI.

The NCSC has published a range of resources and guidance to help organisations counter AI-powered attacks by acting now to improve their cyber security foundations. For more information visit ncsc.gov.uk/frontier-ai

Industry comment

Andy Ward, senior vice-president of international business at Absolute Security, explained: “AI in cyber security offers huge potential to improve detection and speed up response times. However, AI is also causing cyber threats to become smarter and faster.”

Ward added: “Attacks now move at AI speed, disruption moves at AI speed and complexity grows at AI speed, so if your resilience doesn’t move at AI speeds, you’ve already lost. Our recent research found that 42% of UK organisations still lack a formal cyber resilience strategy. Without robust AI-powered cyber resilience strategies and real-time visibility in place, the UK risks sleepwalking into deeper vulnerabilities.”

The NCSC is expected to release further guidance in the coming weeks as part of a broader Government effort purpose-designed to strengthen national cyber resilience.

*Further information is available online at www.ncsc.gov.uk