NCSC says hostile states behind most attacks on UK critical infrastructure
The head of the National Cyber Security Centre has said that hostile states were linked to around three-quarters of cyber incidents affecting organisations in the UK’s critical infrastructure over the...
The head of the National Cyber Security Centre has said that hostile states were linked to around three-quarters of cyber incidents affecting organisations in the UK’s critical infrastructure over the past year.
Speaking at the Royal United Services Institute’s annual security lecture, NCSC chief executive Dr Richard Horne said the agency dealt with more than 200 incidents involving critical national infrastructure and its wider support networks in the year to May 2026. He said roughly 75% of those cases were believed to have state involvement.
Dr Horne pointed to countries such as Russia, China and Iran as examples of state-backed actors increasingly focusing on systems that support essential services. He argued that cyber security should be seen not only as a matter of risk management, but as a continuing contest with well-resourced adversaries.
Call for stronger resilience across organisations
In his remarks, Horne urged boards and executive teams to take a more active role in cyber resilience. He said organisations should concentrate on three areas:
- understanding where they are exposed to threats
- building defences around established security basics
- making sure they can keep operating and recover quickly after an attack
He warned that many serious incidents still occur because core security measures are not consistently in place. Rather than treating cyber risk as something confined to IT departments, he said the issue affects everyone, from senior leadership to frontline staff and home users.
AI expected to intensify the threat
Horne also said artificial intelligence is likely to make the threat environment more difficult. According to the NCSC, by 2028 attackers are likely to use AI-enabled tools to exploit known weaknesses in older technology at scale across critical infrastructure.
The agency said it has published guidance to help organisations strengthen their defences and prepare for AI-assisted attacks. It has encouraged businesses and public bodies to focus on cyber security fundamentals now, rather than waiting for more advanced threats to emerge.
Horne concluded that organisations should treat the present period as part of an ongoing conflict in cyberspace, not as preparation for a future challenge alone.
