GLASGOW, Scotland (AP) 鈥 The most serious in the U.K. are now carried out by hostile nations including Russia, Iran and China, the head of the U.K.鈥檚 National Cyber Security Centre (NCSC) said in a speech Wednesday.
Richard Horne, the head of the NCSC 鈥 part of the U.K’s signals intelligence agency GCHQ 鈥 warned that the U.K. is living through 鈥渢he most seismic geopolitical shift in modern history.鈥 British businesses, he said, need to prepare themselves to defend against cyberattacks because the U.K. could be targeted 鈥渁t scale,鈥 if it became involved in an international conflict.
In recent months, authorities in Sweden, Poland, Denmark and Norway have all warned that linked to Russia have targeted their critical infrastructure including power plants and dams.
Horne said the NCSC currently handles around four 鈥渘ationally significant鈥 cyber incidents a week and while criminal activity, , remains the most common problem, the most serious threat comes from cyberattacks carried out directly or indirectly by other states.
Dan Jarvis, the U.K. security minister, said the NCSC handled more than 200 nationally significant incidents last year 鈥 more than double the year before. Jarvis and Horne spoke at the CyberUK conference in the Scottish city of Glasgow.
Cyber operations become more sophisticated
In December, Blaise Metreweli, the head of Britain’s Secret Intelligence Service, or MI6, said the and contested now than it has been for decades and that the U.K. is operating in a space between peace and war.
鈥淟et鈥檚 be clear, cyberspace is part of that contest,鈥 Horne said.
China’s intelligence and military agencies display an 鈥渆ye-watering level of sophistication in their cyber operations,鈥 while Iran is 鈥渁lmost certainly using cyber activity to support the repression of British individuals on our streets who are seen as a threat to the regime,鈥 he said.
Moscow, meanwhile, is using tactics and techniques honed during its war in Ukraine and is 鈥渕oving them beyond the battlefield,鈥 Horne said, pointing to 鈥渟ustained Russian hybrid activity鈥 targeting the U.K. and Europe. Companies, he said, must learn how cyber operations have been used in conflict situations in order to boost their own resilience.
Hostile states, Jarvis said, know the most effective way to act is 鈥渘ot to confront us directly, but to quietly hollow us out,鈥 by hacking logistics systems which move goods, for example, or compromising businesses.
He compared 鈥 that dented Britain’s economic growth late last year 鈥 to masked criminals turning up at car dealerships, breaking glass, smashing computers and stealing vehicles from the parking lot.
AI, Jarvis said, is also making it easier for adversaries to attack by finding vulnerabilities in systems 鈥渇aster than any human team can patch them.鈥 He called for AI companies to work with the U.K. government to develop bespoke programs to boost Britain’s cyber defenses.
European countries report cyber attacks on infrastructure
In a conflict situation, Horne said, the U.K. would likely face cyberattacks at scale but 鈥 unlike with ransomware 鈥 companies will not be able to pay their way out in order to recover data and access to systems. For that reason, he said, every organization needs to understand the 鈥渇ull extent鈥 of the risk they face and improve their cyber defenses before it is too late.
On Friday, Swedish authorities said that a pro-Russian group with links to Russia鈥檚 security and intelligence services was behind last year.
Carl-Oskar Bohlin, Sweden’s minister for civil defense, compared it to in December, when coordinated cyberattacks hit combined heat and power plants supplying heat to almost 500,000 customers, as well as wind and solar farms. Poland later said evidence indicated hackers were 鈥渄irectly linked to the Russian services.鈥 Norwegian authorities also warned that a hack in April 2025 which was linked to Russia while in December, Danish authorities said another in 2024 left some houses without water.
The four cyberattacks are among more than linked to Russia or its proxies by Western officials and tracked by The Associated Press since Moscow’s full scale invasion of Ukraine in February 2022.
Other incidents linked to Russia by European officials include an attack on German air traffic control, attempts to gain access to Signal and WhatsApp accounts belonging to officials and journalists and attempts by hackers linked to Russian military intelligence to steal users’ sensitive data by exploiting a weakness in some internet routers.
Copyright © 2026 The Associated Press. All rights reserved. This material may not be published, broadcast, written or redistributed.
