Body
The U.K. is facing “the most seismic geopolitical shift in modern history” as the most serious cyberattacks increasingly come from hostile states including Russia, Iran and China, the head of the National Cyber Security Centre said at a security conference in Glasgow.
Richard Horne, who leads the NCSC, said the country needs to be prepared for cyberattacks that could hit “at scale” if Britain were drawn into an international conflict. He said Britain is living through a period in which cyber activity is now part of wider geopolitical contest, rather than a separate criminal threat.
Horne said the NCSC currently handles around four “nationally significant” cyber incidents each week. He said while ransomware and other criminal activity remain common, the most serious threat instead comes from cyberattacks carried out directly or indirectly by other states.
At the same event, Dan Jarvis, the U.K. security minister, said the NCSC handled more than 200 nationally significant incidents last year, more than double the year before. Jarvis and Horne spoke at CyberUK, a conference held in Glasgow.
Horne described cyberspace as part of an arena where major powers compete, saying “cyberspace is part of that contest.” He also cited differences in the way states operate: he said China’s intelligence and military agencies display an “eye-watering level of sophistication” and he said Iran was “almost certainly using cyber activity” to support repression in Britain.
He said Moscow, meanwhile, is using tactics developed during its war in Ukraine and is “moving them beyond the battlefield.” Horne said the U.K. and Europe face what he called “sustained Russian hybrid activity” and urged companies to learn how such cyber operations are used in conflict to improve resilience.
Jarvis said hostile states know “the most effective way to act is not to confront us directly, but to quietly hollow us out.” He said that can involve hacking logistics systems that move goods, and also compromising businesses without announcing a direct attack.
Jarvis used an incident involving Jaguar Land Rover to illustrate how disruption can affect the economy. He said a cyberattack at Britain’s biggest automaker “dent[ed] Britain’s economic growth late last year,” comparing it to masked criminals showing up at car dealerships to break glass, smash computers and steal vehicles from a parking lot.
Jarvis also said advances in AI are making attacks easier by helping adversaries find vulnerabilities in systems “faster than any human team can patch them.” He called for AI companies to work with the U.K. government to develop bespoke programs to strengthen Britain’s cyber defenses.
Beyond the U.K., European authorities have reported cyberattacks on critical infrastructure in ways that officials say are linked to hostile states. Swedish authorities said a pro-Russian group with links to Russia’s security and intelligence services was behind a cyberattack on a heating plant last year, and the Swedish minister for civil defense compared it to incidents in Poland in December affecting combined heat and power plants supplying heat to almost 500,000 customers, along with wind and solar farms.
Norwegian authorities also warned that a hack in April 2025 affecting water flows from a dam was linked to Russia, and Danish authorities said another attack on a water utility company in 2024 left some houses without water. The AP reported that the four cyberattacks are among more than 155 incidents of disruption, including arson, sabotage and espionage, linked to Russia or proxies tracked by the Associated Press since Moscow’s full-scale invasion of Ukraine in February 2022.
The NCSC’s Horne said in a conflict scenario the U.K. could face cyberattacks at scale that businesses would not be able to “pay their way out” of—unlike with ransomware—because companies would not be able to recover data and access systems simply through payment. He said every organization needs to understand the “full extent” of risk and improve defenses before it is too late.