LONDON: The National Cyber Security Centre (NCSC) has issued a stark warning about the rising scale and sophistication of cyber threats targeting the UK’s critical national infrastructure (CNI), revealing that hostile state actors were responsible for approximately 75 per cent of more than 200 cyber incidents handled over the past year.
In an address at the Royal United Services Institute’s Annual Security Lecture, NCSC Chief Executive Dr Richard Horne cautioned that adversarial nations, including Russia, China, and Iran, are increasingly directing their efforts at the systems that support essential services such as energy, healthcare, water, and finance.
While emerging AI models have raised concerns about automated cyber-attack capabilities, Horne stressed that many breaches continue to arise from long-standing weaknesses such as poor authentication and unpatched systems.
Horne also emphasised that the UK is locked in an ‘ongoing contest with capable adversaries,’ warning that vulnerabilities today will be exploited future conflict.
The warning follows earlier government assessments that Russia has targeted UK media, telecoms, democratic institutions and energy systems, emphasising the need for organisations to strengthen their authentication, accelerate patching and adopt modern protections such as passkeys.
Andy Ward SVP International at Absolute Security: “AI in cybersecurity offers huge potential to improve detection and speed up response times. However, AI is also causing cyber threats to become smarter and faster."
"Attacks now move at AI speed, disruption moves at AI speed, and complexity grows at AI speed, so if your resilience doesn't move at AI speeds, you've already lost. Our recent research found that 42 per cent of UK organisations still lack a formal cyber resilience strategy. Without robust AI-powered cyber resilience strategies and real-time visibility in place, the UK risks sleepwalking into deeper vulnerabilities."
The NCSC is expected to release further guidance in the coming weeks as part of a broader government effort to strengthen national cyber resilience.