The United Kingdom faces what officials describe as a perfect storm in cybersecurity, with rapid advances in artificial intelligence colliding with geopolitical tensions to create a period of deep uncertainty and rising risk for businesses, public institutions and critical systems.
Nation-State Threats Dominate the Most Serious Cases
Speaking at the CYBERUK conference in Glasgow, Richard Horne, chief executive of the National Cyber Security Centre, said ransomware remained the most common threat to most firms. But he added that the majority of nationally significant threats handled by the NCSC originate from nation states.
The NCSC had dealt with 204 nationally significant cyber incidents at the time of its last annual review, published in October 2026, and that the number of incidents has since remained fairly steady. Horne also outlined how Russia, China and Iran continue to target UK firms and individuals with different tactics and objectives.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
China’s intelligence and military agencies now display a very high degree of sophistication in cyber operations. They refer to a joint advisory published in August 2025 by the NCSC and twelve allied agencies linking three China-based companies to a global campaign targeting critical networks, overlapping with activity tracked by industry as Salt Typhoon. China-linked operations are often quieter and more persistent, with a focus shifting towards edge infrastructure such as routers and VPNs.
Iran and Russia Present Different Forms of Pressure
Iran is almost certainly using cyber activity to support repression of British individuals seen as threats to the regime. The NCSC had previously warned about an increase in targeted attacks against individuals using social media messaging applications. The reports also cites the Handala wiper activity in March, which compromised Stryker’s Microsoft Intune environment and remotely wiped devices at a key UK NHS supplier.
Regarding Russia, Horne said cyber lessons are being learned in the war with Ukraine and then directed at states Russia considers hostile. The NCSC and its partners, including the National Protective Security Authority, are observing sustained Russian hybrid activity against assets across the UK and Europe.
Preparedness and AI Raise Fresh Concern
The preparedness of UK organisations against sustained nation-state attacks remains uncertain. Anthony Young, chief executive of Bridewell, is quoted as saying that most businesses are not well prepared and are still struggling to put in place basic security controls and maintain full visibility across their estates. He also says many security leaders are being asked to do more with less while starting from a relatively low level of maturity.
Horne urged what he described as a cultural shift within organisations so that cybersecurity becomes a shared responsibility across leadership and operational teams. Young warned that if a nation state were to undertake a sustained attack on the UK today, he would be very worried.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
