The UK is facing a “perfect storm” in cyber security as attacks driven by hostile states, combined with advances in artificial intelligence (AI), create new risks to UK infrastructure, the head of the UK’s National Cyber Security Centre (NCSC) will warn on Tuesday.
Hostile nation states are now directly or indirectly responsible for the majority of “nationally significant” cyber security attacks against the UK, running at an average of four per week, Richard Horne, CEO of the NCSC, is expected to say.
A combination of technological change and rising geopolitical tension is creating “tumultuous uncertainty”, as well as opportunities in cyber security, he is expected to say at the NCSC’s CyberUK conference in Glasgow.
Lessons from the battlefield
Russia is taking cyber lessons learned during the war in Ukraine and is deploying “tactics and techniques honed in conflict” against western states, including the UK, Horne will tell conference attendees.
That has led to sustained “hybrid” attacks, which incorporate physical and cyber disruption, targeting the UK and Europe.
“Russia is taking the cyber lessons it has learnt in a theatre of war and is moving them beyond the battlefield,” he will say.
China’s intelligence and military agencies are capable of an “eye-watering level of sophistication” in offensive cyber operations.
The Chinese hacking group Volt Typhoon has targeted multiple operators of critical national infrastructure (CNI) in Asia and across the US, as it pre-positions for future attacks, which could rank among the most severe experienced to date, Computer Weekly has previously reported.
And Iran is “almost certainly” using cyber activity to support the repression of people in Britain who are seen as threats to the Iranian regime.
Iranian state-linked hackers were also identified as being behind the cyber attack on the US medical technology firm, Stryker, in March.
Cyber is an integral part of conflict
Horne is expected to warn that cyber attacks are now an integral part of conflict, and as much a part of modern warfare as drones and missiles.
Groups linked to Russian military and intelligence services were behind a series of cyber attacks on Poland’s energy infrastructure in December 2025, for example.
They targeted two combined heat and power plants and an energy management system for renewable energy.
Cyber security has become “integral to conflict” and will become a new “home front”, Horne is expected to say.
Ransomware without the ransom
In the event of conflict, or near conflict, the UK would likely face cyber attacks “at scale” that would cause similar disruption to ransomware attacks, but without the possibility of recovering data by paying a ransom.
Ransomware attacks on Jaguar Land Rover cost the UK an estimated £1.9bn, while attacks on Marks & Spencer and the Co-op had estimated costs of between £270m and £440m, according to the UK Cyber Monitoring Centre.
Horne will say that defending against such attacks will require every organisation to make cyber security part of their corporate mission and to “build defence in-depth” so that they can remain operational following a successful attack.
Risks from Mythos and frontier AI
Anthropic’s AI model, Mythos, has exposed widespread security vulnerabilities in legacy software that could be exploited by malicious attackers if they became known.
Horne will warn that such “frontier AI” will quickly show where the fundamentals of cyber security need to be addressed.
It will expose poor quality code shipped by software suppliers with significant vulnerabilities, organisations that are not patching their IT systems quickly or widely enough, and those that fail to replace outdated legacy computer systems.
But Horne is expected to argue that there is an opportunity for AI to be a net positive for cyber defence.
Cyber security in space
In the near future, organisations will need to expand cyber security to protect energy systems, production lines, robotics, space-based communications and autonomous AI agents.
Technology that is physically integrated into the human body, including medical devices, will also need to be protected.
Defending against cyber attacks requires a “cultural shift”, and for cyber security and resilience to be seen as a strategic investment, rather than a cost.
