Britain braces for a harsher cyber age

Britain is confronting what its cyber defence chief has described as a “perfect storm”, with fast-moving technological change colliding with rising geopolitical tension and exposing companies, public bodies and critical infrastructure to a more dangerous class of digital attack. The warning, delivered at the CYBERUK 2026 conference in Glasgow, signals a sharper threat environment in which ransomware remains widespread but the gravest strategic risks are increasingly tied to hostile states and conflict-driven disruption.

Richard Horne, chief executive of the National Cyber Security Centre, said the agency is still handling about four nationally significant cyber incidents each week, but that the source of the most serious cases is shifting. Criminal activity such as ransomware continues to affect the widest range of organisations, yet the majority of the most consequential incidents now originate directly or indirectly from nation states. He singled out China, Iran and Russia as principal concerns, describing China’s cyber capability as exceptionally sophisticated, warning that Iran is using cyber activity against individuals in Britain seen as hostile to the regime, and saying Russia is applying methods refined during wartime beyond the battlefield and across Europe.

That message marks an escalation from concerns already laid out in the NCSC’s 2025 review. By the end of 2024, the agency had handled 430 incidents, up from 371 a year earlier, while bespoke alerts sent to organisations more than doubled to 542. Of those cases, 347 involved some degree of data exfiltration and 20 involved ransomware. The review also warned that ransomware had become the most immediate and disruptive cyber threat to essential services such as energy, water, transport, health and telecommunications, while the overall risk facing the country was being widely underestimated.

Horne’s latest speech broadens that concern from persistent criminal harm to the prospect of systemic disruption during crises. He said Britain would likely face hacktivist attacks at scale if it were drawn into, or even near, a conflict situation. Those attacks, he suggested, could have effects and sophistication comparable to ransomware campaigns but without any practical route to restore systems by paying a ransom. That distinction matters for business continuity planning because it reframes cyber security from a technical issue into a resilience challenge that boards, executives and public authorities must treat as core to operations rather than a specialist afterthought.

Technology is the other half of the warning. Horne argued that artificial intelligence, quantum computing and other advances are reshaping the threat landscape faster than many institutions are adapting. In his speech he said frontier AI is already accelerating the discovery and exploitation of existing software vulnerabilities at scale, exposing weak patching practices, insecure code and the lingering risk embedded in legacy systems. The NCSC has separately warned that AI is likely to amplify existing attacks, including phishing, scams and synthetic criminal environments, even if a wave of wholly novel AI-driven attacks has not yet fully materialised.

That mix of old weaknesses and new tools is why officials are pressing organisations to move from a prevention-only mindset towards one centred on resilience. Fresh NCSC guidance published on 20 April defines “severe cyber threat” as a condition in which highly capable actors have both the intent and the ability to cause real-world operational disruption, with frontier AI increasing the speed, scale and ease of attack. The guidance says disruption to digital operations is no longer merely an IT problem but a business continuity and national resilience issue, and it urges leaders to rehearse hard choices in advance, including network isolation, degraded operations and system rebuilds.

The strategic backdrop is equally important. Horne said the world is undergoing the most seismic geopolitical shift in modern history and argued that cyberspace is now inseparable from that contest. European examples have reinforced the warning. Officials in Sweden, Poland, Denmark and Norway have all pointed to serious cyber incidents linked to Russia or pro-Russian actors affecting heating, water or other infrastructure, underscoring how digital disruption can spill into daily life without a conventional military strike. For Britain, the implication is that cyber preparedness now sits closer to civil defence than routine compliance.