NCSC warns of growing cyber risks to critical infrastructure

NCSC says three-quarters of UK critical infrastructure cyber attacks are linked to hostile state actors.
NCSC says three-quarters of UK critical infrastructure cyber attacks are linked to hostile state actors.

Hostile state actors were linked to around three-quarters of cyber attacks affecting the UK’s critical national infrastructure over the past year, according to the head of the National Cyber Security Centre.

Speaking at the Royal United Services Institute’s Annual Security Lecture, NCSC CEO Dr Richard Horne said the agency managed more than 200 cyber incidents affecting critical national infrastructure and its supporting ecosystem in the year to May 2026.

Horne said around 75% of those incidents were believed to be linked to state actors. He warned that hostile states are increasingly targeting the systems that underpin essential services in the UK.

The NCSC chief said cybersecurity should not be treated only as a technical risk to be managed, but as an ongoing contest with capable adversaries. He urged executives and board members to improve resilience by understanding their exposure to threats, strengthening proven security fundamentals and ensuring organisations can continue operating and recover quickly after attacks.

Horne also warned that AI is likely to accelerate the threat. The NCSC assesses that by 2028, attackers will probably use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale across critical national infrastructure.

He said many serious incidents still occur because basic cybersecurity measures are not in place. The warning places legacy systems, board-level accountability and operational resilience at the centre of the UK’s critical infrastructure security debate.

Why does it matter?

The NCSC warning shows that cyber attacks on critical infrastructure are no longer just an operational IT risk. They are part of a wider geopolitical contest involving hostile states, essential services and national resilience. The AI warning makes the issue more urgent: if attackers can use AI to exploit known weaknesses in legacy systems at scale, organisations that have tolerated unresolved vulnerabilities may face attacks much faster and broader.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.