Key Points
- The UK’s critical national infrastructure (CNI) suffered more than 200 cyber incidents in the past year, the National Cyber Security Centre (NCSC) reports.
- State-linked actors (Russia, China, Iran) were responsible for roughly 75% of those incidents, NCSC chief executive Richard Horne said.
- Horne warned the UK is in an “ongoing contest with capable adversaries” and compared cyber conflict to a wide-field sport rather than a confined match.
- Advances in artificial intelligence are expected to accelerate cyber threats, with 2028 identified as a likely tipping point for AI-enabled attacks.
- The NCSC urged organizations to focus on cybersecurity fundamentals and recovery capabilities to limit the impact of future attacks.
- The agency highlighted the ubiquity of risk, from boardrooms to home devices, and warned that unresolved vulnerabilities tolerated in peacetime will be exploited in conflict.
- The NCSC recommended consumers adopt passkeys in place of passwords to reduce account takeover risks.
- The agency cautioned about possible large-scale “hacktivist” operations if the UK becomes involved in a conflict, with potential impacts similar to major ransomware incidents.
- The government and security leaders, including former MI6 head Blaise Metreweli and ex-chancellor Pat McFadden, have previously warned about state targeting of UK infrastructure and the weaponization of AI.
- The report stresses cooperation between public and private sectors, swift patching of known vulnerabilities, and investment in cyber resilience and recovery.
London (Britain Today News) June 17, 2026 — The United Kingdom’s critical national infrastructure has been hit by more than 200 cyber incidents over the last year, and state-linked actors were behind roughly three-quarters of those attacks, Richard Horne, chief executive of the National Cyber Security Centre, warned on Tuesday. He told an audience at the Royal United Services Institute that hostile states such as Russia, China and Iran were increasingly targeting systems that underpin essential services — from power stations and hospitals to airports and military networks — and cautioned that the rise of artificial intelligence (AI) could accelerate the threat landscape, with 2028 singled out as a likely year when AI-enabled attacks may crystallize.
- Key Points
- What are the scale and sources of the attacks?
- How does the NCSC define critical national infrastructure?
- What role could AI play in future cyber attacks?
- Which AI developments are raising concern?
- What immediate defenses does the NCSC recommend?
- How could weak authentication be addressed for consumers?
- Are there warnings about hacktivism and conflict-related disruptions?
- How do senior security figures frame the current geopolitical context?
- What sectors are most at risk and why?
- How should organizations change their posture to be ready?
- What does this mean for national resilience and policy?
- What legal and operational challenges do defenders face?
- How reliable are the NCSC’s conclusions and what sources back them?
- What should individual citizens do to reduce their exposure?
- What are the possible next steps from government and industry?
- Why is this moment significant?
What are the scale and sources of the attacks?
As reported by Richard Horne of the National Cyber Security Centre at the Royal United Services Institute, the NCSC recorded over 200 incidents over the past year affecting the United Kingdom’s critical national infrastructure. Horne attributed about 75% of these intrusions to state-linked actors, identifying Russia, China and Iran as prominent adversaries.
“This contest is not confined to a compact space,”
Horne said.
“It is far more akin to a football or basketball game, played across a large field of play, where success depends on how you operate across the entire pitch.”
How does the NCSC define critical national infrastructure?
The NCSC’s remit covers systems and networks that support the nation’s essential services. Examples of critical national infrastructure include the UK’s nuclear deterrent, power plants, hospitals and airports. These assets are attractive targets because disruption can cause widespread societal harm and economic damage. Horne stressed that attacks are not limited to a few high-profile targets but range across multiple sectors and tiers of service providers and suppliers.
What role could AI play in future cyber attacks?
Horne warned that advances in AI are likely to accelerate cyber threats, exposing existing vulnerabilities in national infrastructure and enabling more sophisticated, scalable attacks. He said:
“The many vulnerabilities that organisations tolerate today will be exploited in conflict tomorrow. If they are too expensive or hard to fix in peacetime, then they certainly will be in war.”
The NCSC singled out 2028 as a potential inflection point when AI-enabled capabilities could materially change the nature and scale of cyber operations against critical systems.
Which AI developments are raising concern?
The emergence of advanced language and decision-making models such as Anthropic’s Claude Mythos has prompted unease among security professionals. Officials perceive an increased risk that generative and automated tools could be used to craft targeted social engineering campaigns, discover novel attack vectors, or speed up exploitation of unpatched vulnerabilities. Despite those concerns, cybersecurity experts caution that most breaches today still exploit long-established weaknesses: poor authentication, weak passwords, and known but unpatched software flaws.
What immediate defenses does the NCSC recommend?
Horne emphasized the need for organizations to prioritize basic cyber hygiene and recovery capabilities. The NCSC’s core advice includes strong authentication (moving toward passkeys), rapid patching of known vulnerabilities, network segmentation, regular backups and robust incident response plans.
“If we collectively embrace the contest, understand the urgency and believe we can be a match for any opponent, then we can and will prevail,”
Horne said, urging a practical, sustained approach to cybersecurity fundamentals rather than seeking magic solutions.
How could weak authentication be addressed for consumers?
The NCSC has actively recommended that consumers drop passwords in favor of passkeys — a cryptographic credential stored on users’ devices that provides a simpler and stronger sign-in method. The agency described passkeys as a “digital stamp” that should become the first choice for logging into apps and websites. Moving away from passwords could dramatically reduce account takeover attacks that remain a common vector for larger intrusions into corporate and critical systems.
Are there warnings about hacktivism and conflict-related disruptions?
Horne has cautioned that the UK could face “hacktivist attacks at scale” if it becomes embroiled in a conflict, and that these attacks could have impacts comparable to recent high-profile ransomware campaigns. He said that many of today’s tolerated vulnerabilities would be easy targets in wartime conditions, amplifying the potential damage from disruption across services and supply chains.
How do senior security figures frame the current geopolitical context?
Horne’s remarks echo previous warnings from senior security figures. As reported by Blaise Metreweli of MI6 last year, Britain sits in “a space between peace and war,” confronted by strategic competition with rival states. Similarly, comments from former chancellor Pat McFadden highlighted the risk that AI could be weaponized against the UK and identified Russia as a nation already targeting media, telecoms, political institutions and energy infrastructure. These high-level statements form the political backdrop to the NCSC’s operational warnings.
What sectors are most at risk and why?
The NCSC indicates that sectors that underpin daily life—energy, health care, transport, and communications—are particularly vulnerable due to their complex supply chains, legacy systems and high reliance on continuous connectivity. Critical systems often rely on interconnected services and third-party suppliers, creating multiple attack surfaces. Horne warned that threats extend from “boardrooms to IT help desks, to sofas at home,” underlining that risk exists across organizational hierarchies and personal devices.
How should organizations change their posture to be ready?
According to Horne, resilience hinges on several practical steps: invest in recovery capabilities (backups and restoration plans), implement multifactor authentication or passkeys, enforce timely patch management, conduct regular incident response exercises, and map dependencies across supply chains. He urged boards and executives to treat cyber risk as strategic business risk, rather than a purely technical issue, so that necessary resources and governance are applied.
What does this mean for national resilience and policy?
The NCSC’s assessment underscores the necessity of sustained public-private cooperation, clear regulatory standards, and targeted investment in cyber defenses. Protection of critical national infrastructure requires holistic policies that stress prevention, detection, rapid recovery and international collaboration to deter state-backed campaigns. Horne’s metaphor of a wide-field contest implies that success depends on coordinated action across many actors and roles.
What legal and operational challenges do defenders face?
Security teams often operate under constrained budgets and legacy technical debt, making rapid remediation costly. Horne warned that some fixes tolerated in peacetime might be unaffordable in wartime, creating strategic risk. Additionally, attribution of attacks to state-linked actors complicates response options and raises diplomatic, legal and escalation questions for government decision-makers.
Explore More about Technology:
UK Considers Rolling Back EV Mandate as Automakers Raise Concerns
London Tech Week 2026 ends with £6 billion AI investment and 8,000 new jobs created
How reliable are the NCSC’s conclusions and what sources back them?
The NCSC bases its conclusions on operational intelligence, incident data, and threat analysis. Horne’s public speech at the Royal United Services Institute provided the forum for these findings. Where the agency highlights specific technology like Claude Mythos, it is reflecting broader expert debate about the dual-use potential of advanced AI systems. Independent experts continue to stress that while AI raises new risks, many successful breaches still exploit known weaknesses.
What should individual citizens do to reduce their exposure?
The NCSC advises individuals to adopt strong authentication methods (passkeys or multifactor authentication), keep devices updated, avoid reuse of passwords across services, be cautious of unsolicited messages and links, and enable automatic updates where possible. These basic steps reduce the likelihood that personal devices will become entry points for larger, system-wide intrusions.
What are the possible next steps from government and industry?
Policy measures could include mandatory baseline security standards for critical sectors, incentives or subsidies to help organizations patch legacy systems, expanded threat-sharing initiatives, and continued investment in cyber workforce development. Horne’s speech signals that the government will likely continue to push for higher standards of resilience and stronger cross-sector coordination.
Why is this moment significant?
Cyber operations have evolved beyond isolated criminality into a spectrum of statecraft tools. The UK’s experience — a substantial number of incidents and a high proportion of state-linked activity — demonstrates how cyber power now complements traditional geopolitical competition. Horne’s comparison of the contest to a sport played across a broad pitch underscores the diffuse and relentless nature of modern cyber conflict.
