Hostile states launched 200 attacks on UK infrastructure in five months, says NCSC chief
Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne
The UK’s critical infrastructure has faced 200 cyber attacks linked to hostile nation-state actors in the first five months of the year, the head of GCHQ’s National Cyber Security Centre (NCSC) said today.
Hostile states, including Russia, China and Iran, are targeting the systems that underpin the UK’s essential services, Horne disclosed in a lecture at the Royal United Services Institute.
The high number of attacks against CNI shows that cyber attacks cannot simply be treated as a risk to be managed, but must be seen as an “ongoing contest between capable adversaries”, he said.
200 attacks against UK CNI
The NCSC managed 200 cyber incidents affecting the UK’s critical national infrastructure and its supporting ecosystem between January 2026 and May 2026, Horne disclosed.
By 2028, the NCSC says AI-enabled cyber capabilities will likely be used by attackers to exploit known vulnerabilities in legacy technology “at scale” across critical national infrastructure.
Businesses, government and the private sector needed to act “now with urgency” to protect their systems and protect themselves against future conflicts, which would see cyber attacks multiply.
“The many vulnerabilities that organisations tolerate today will be exploited in conflict tomorrow. If they are too expensive or hard to fix in peacetime, then they certainly will be in war,” warned Horne.
“In cyberspace, we are not preparing for tomorrow’s conflicts – to some degree, we are fighting them today,” he added.
Cyber defence akin to football match
Drawing an analogy, he said that cyber battle is not like a “wrestling match”, confined to the closed territory of a wrestling ring.
“It is far more akin to a football or basketball game, played across a large field of play, where success depends on how you operate across the entire pitch,” said Horne.
He said coordinated action is needed across the “near, mid and far” cyber spaces where we come into contact with adversaries, and that different approaches were needed in each.
He called on every board member and executive in every organisation to strengthen their cyber resilience by focusing on three core capabilities: understanding their exposure to threats, building stronger defences based on proven security fundamentals, and ensuring they can continue operating and recover quickly after an attack.
“We still see far too many significant incidents today that are possible because the fundamentals are not in place,” said Horne.
“The truth is that in this great contest, there are no spectators; we are all on the pitch. From boardrooms to IT helpdesks to sofas at home, the contest is everywhere,” he added.
“If we collectively embrace the contest, understand the urgency and believe we can be a match for any opponent, then we can and will prevail.”