UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Warns 2026

Key Points

• Richard Horne, CEO of National Cyber Security Centre (NCSC), warns Britain to brace for rise in state-backed cyberattacks from hostile nations.
• NCSC, part of GCHQ, handles about four nationally significant cyber incidents weekly; highest-impact attacks increasingly linked to governments, not just criminal gangs.
• Criminal threats like ransomware remain most common risk to organisations.
• Majority of serious incidents originate directly or indirectly from nation states including China, Iran, and Russia, targeting Britain and European partners.
• UK in midst of “most seismic geopolitical shift in modern history.”
• MI5 disrupted over 20 Iran-linked plots since 2022, some targeting UK residents.
• In conflict situations, UK faces large-scale hacktivist attacks causing ransomware-level disruption without ransom option.
• AI advances to accelerate cyberattacks by speeding vulnerability identification, but also offer defence opportunities.
• Security Minister Dan Jarvis calls on AI firms to build AI-powered cyber defences for critical infrastructure.
• Jarvis launches voluntary Cyber Resilience Pledge and announces £90 million ($122 million) investment over three years, including for SMEs.

Glasgow (Britain Today News) –April 23, 2026 – Britain must prepare for a surge in cyberattacks orchestrated by hostile states, the head of the National Cyber Security Centre (NCSC) declared at the government’s annual CyberUK conference.

Richard Horne, chief executive of the NCSC – an agency under the UK’s Government Communications Headquarters (GCHQ) – emphasised that the nation faces escalating threats from nation states amid profound global shifts. Speaking to an audience of cybersecurity experts, Horne revealed that his team manages roughly four nationally significant cyber incidents each week, with the gravest ones now predominantly tied to state actors rather than solely criminal groups.

What Did NCSC Chief Richard Horne Warn About State-Backed Cyberattacks?

Horne’s address painted a stark picture of evolving cyber dangers. As reported by Reuters journalists, Horne stated that while ransomware persists as the predominant threat to organisations, the most severe incidents increasingly stem “directly or indirectly” from nation states such as China, Iran, and Russia. These operations target Britain and its European allies, exploiting geopolitical tensions.

He described the current era as

“the most seismic geopolitical shift in modern history,”

underscoring how international rivalries fuel cyber aggression. Horne cautioned that should the UK enter or approach a conflict scenario, it would confront “hacktivist attacks at scale.” Such campaigns, he noted, could mirror the disruption of major ransomware assaults but without the possibility of ransom payments to regain access.

The NCSC’s workload reflects this intensity: four high-stakes incidents weekly demand constant vigilance. Horne highlighted that state-linked attacks eclipse traditional crime in impact, shifting the threat landscape dramatically.

How Frequent Are Nationally Significant Cyber Incidents in the UK?

The NCSC’s routine handling of four nationally significant cyber incidents per week underscores the relentless pressure on UK defences. According to Horne’s speech at CyberUK in Glasgow, these events range from disruptive hacks to sophisticated intrusions, with state actors driving the most damaging ones.

Ransomware, though common, pales against state-sponsored efforts in severity. Horne explained that criminal gangs focus on financial gain, whereas governments pursue strategic objectives, amplifying consequences for critical sectors like energy, transport, and finance.

This frequency has held steady, demanding robust response mechanisms. The agency’s integration with GCHQ enables rapid intelligence sharing, yet Horne stressed the need for proactive measures as threats evolve.

Which Nation States Are Behind the Most Serious UK Cyber Incidents?

Horne pinpointed China, Iran, and Russia as primary perpetrators, either directly or through proxies. Their activities, he said, aim to undermine Britain and Europe, blending espionage with sabotage.

Iran’s role stands out, corroborated by Britain’s domestic spy agency MI5. Last year, MI5 revealed it had thwarted more than 20 Iran-linked plots since 2022, some targeting individuals on UK soil. As Reuters reported in October 2025, MI5 chief Ken McCallum described a growing menace from Russia and Iran, including terrorism and cyber elements.

Russia’s hybrid warfare tactics, Iran’s retaliatory operations, and China’s persistent espionage form a triad of concern. Horne noted these states adapt swiftly, leveraging global instability.

What Role Does Ransomware Play in UK Cyber Threats?

Despite state dominance in high-impact cases, ransomware remains the everyday scourge for businesses and public bodies. Horne told the CyberUK conference that it constitutes the most common organisational risk, often paralysing operations through data encryption and extortion.

Victims face stark choices: pay criminals or endure prolonged outages. Horne contrasted this with state attacks, which seek broader disruption without financial motives. Recent NCSC guidance urges backups and segmentation to mitigate ransomware, yet incidents persist.

How Might Geopolitical Conflicts Amplify UK Cyber Risks?

Geopolitical flashpoints promise intensified cyberactivity. Horne warned of scaled hacktivism in conflict proximity, delivering ransomware-equivalent chaos sans negotiation.

Mathieu Cousin, cyber risk strategist at AXA XL, echoed this last month, linking surges to the U.S.-Israeli war on Iran.

“When geopolitical tensions rise, cyber activity follows,”

Cousin said.

“In this conflict, Iranian state-aligned groups use cyber operations as another way to respond,”

as covered by Reuters.

MI5’s Iran plot disruptions highlight real-world escalation. Horne urged readiness for hybrid threats blending cyber with physical dangers.

What Impact Will AI Have on Cyberattacks and Defences?

Artificial intelligence emerges as a double-edged sword. Horne predicted AI will hasten cyberattacks by automating vulnerability scans and exploit development, empowering even novices.

Yet, AI bolsters defences through predictive analytics and automated responses. At CyberUK, Horne advocated balancing offence with enhanced protections.

Security Minister Dan Jarvis reinforced this, imploring leading AI firms to collaborate on AI-driven cyber defences for critical national infrastructure.

“We must harness AI to stay ahead,”

Jarvis declared.

What New Government Measures Were Announced at CyberUK?

Jarvis unveiled practical steps to fortify resilience. He invited businesses to join a voluntary Cyber Resilience Pledge, committing to baseline security standards.

Additionally, the government pledged £90 million ($122 million) over three years, targeting small and medium-sized enterprises (SMEs) often overlooked in cybersecurity. Funds will support training, tools, and incident response.

These initiatives complement NCSC efforts, aiming for a “whole-of-society” approach. Jarvis positioned them as vital amid rising state threats.

Why Is the NCSC’s Role Crucial in UK’s Cyber Landscape?

As GCHQ’s operational arm, the NCSC coordinates national responses, shares threat intelligence, and advises sectors. Horne’s leadership emphasises agility against state actors.

Weekly incident management showcases its frontline prowess. Partnerships with private firms amplify reach, ensuring warnings reach vulnerable entities promptly.

How Does the Current Geopolitical Shift Affect UK Security?

Horne’s “seismic shift” reference captures realignments post-Ukraine invasion, Middle East strife, and U.S.-China rivalry. These fuel cyber as a domain of choice for deniable aggression.

Britain’s alliances, including AUKUS and Five Eyes, heighten its profile. Horne called for sustained investment to match adversaries’ resolve.

In summary, Horne’s CyberUK speech galvanised action against state-backed perils. With ransomware rife and AI transformative, the UK’s £90 million boost and pledges signal commitment. As threats mount from China, Iran, and Russia, vigilance remains paramount.