Britain warns hostile nations are driving its worst cyberattacks

Britain’s top cyber official warned that the country’s most serious cyberattacks are increasingly being driven by hostile nations, not ordinary criminal gangs, as Russia, Iran and China intensify pressure on the United Kingdom’s digital infrastructure. Richard Horne, chief executive of the National Cyber Security Centre, used his CYBERUK appearance in Glasgow to argue that the threat has moved into a “perfect storm” of rapid technological change and geopolitical tension.

Horne said the majority of nationally significant incidents handled by the NCSC now originate directly or indirectly from nation states, a shift that makes cyber risk look more like a national-security front than a conventional IT problem. The message was aimed as much at boardrooms as at security teams: firms should not wait for a breach before planning for resilience, because the attacks now being described are coordinated operations that can disrupt infrastructure, supply chains, sensitive data and day-to-day services.

That distinction matters. Ransomware remains a persistent threat, but the NCSC is warning that state-backed campaigns are more dangerous because they are designed to scale, to persist and to exploit periods of international tension. Horne is the right messenger for that warning. He has led the NCSC since October 2024, and the agency has been pressing organizations to treat cyber resilience as part of their core mission, not as a problem left to the IT department.

The concern goes well beyond corporate databases. The NCSC has said cyber security now extends into robotics, autonomous systems and technologies integrated with human bodies, underscoring how the attack surface is widening as the economy becomes more connected. Its Annual Review 2025 said cyber risk is now a boardroom issue, with incidents capable of disrupting operations, damaging reputations and triggering serious financial and legal consequences.

British officials are framing that shift in broader national-security terms. The government’s 2025 National Security Strategy says hostile state activity takes place on British soil and that cyberattacks can undermine public services. Horne’s remarks also pointed to recent incidents in Sweden and Poland as examples of Russian-linked activity against critical infrastructure, a reminder that cyber conflict now travels with wider geopolitical disputes.

CYBERUK 2026, held in Glasgow from April 21 to 23 during the NCSC’s 10th anniversary year, was designed to drive that point home. The agency says it offers resources to help organizations recover from attacks and improve resilience, but the deeper message is starker: Britain is no longer warning about a future threat. It is describing a present one, and asking whether the country’s critical services, local institutions and businesses are ready for it.