When it comes to what is changing with the UK’s cyber threats, Richard Horne, CEO of the UK’s National Cyber Security Centre, used the CYBERUK conference in Glasgow to set out the situation. “The next decade will be defined by a combination of geopolitical tensions and high-seed technological evolution,” he said, describing a “perfect storm” for cyber security.
That combination is already affecting daily operations across the UK. The NCSC handled 204 “national significant” incidents at the time of its last annual review, published in October 2026, and Horne said the total has stayed “fairly steady”. The volume has not dropped, and the nature of those incidents is evolving.
Ransomware continues to appear in routine cases across many organisations. The most serious threats the NCSC deals with come from nation states. Horne claims Russia, China and Iran are targeting UK organisations and individuals with different aims and methods. He added that China’s intelligence and military agencies now show an “eye-watering level of sophistication” in cyber operations.
Jamie Collier from Google Threat Intelligence Group told Infosecurity that the UK is “navigating a complex and blended threat landscape where nation-state actors pursue very different strategic goals.” That environment makes it harder for security teams to judge risk and respond in a consistent way.
How Are Geopolitics Impacting Attacks?
Activity connected to China has become persistent and harder to detect over time. It often targets routers and VPNs instead of older entry points used in earlier campaigns. A joint advisory in August 2025 connected three China-based companies to a global campaign against critical networks.
Russia continues to act as a disruptive cyber actor across Europe and the UK. Collier said, “Russia remains the most visible and disruptive threat, characterised by a mix of sophisticated espionage and a surge in pro-Russia hacktivist activity.” Horne added that lessons from the war in Ukraine are being reused, with tactics refined in conflict now directed at states seen as hostile.
Apparently, Iran is taking a different route through targeted digital activity. Horne said it is “almost certainly” using cyber activity to support repression of individuals in the UK. Martin Riley of Bridewell pointed to the Handala wiper incident affecting an NHS supplier as a sign of what is coming, adding organisations should expect more direct targeting.
Where Does AI Come Into All Of This?
Horne warned that new AI systems are speeding up both discovery and exploitation of weaknesses across networks. “Frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cyber security are still to be addressed,” he said.
Mike Maddison, CEO of NCC Group, said the overlap is now impossible to ignore in practice. “Resilience is now being tested at the intersection of AI and geopolitical tensions. We’ve seen first-hand that there is no longer a clear distinction between cyber activity and national security,” he said.
He added, “AI is accelerating cyber risk in both scale and complexity, and we advise our clients that underestimating this shift could quickly leave them exposed.” His comments point to a need for stronger governance and deeper technical understanding inside organisations.
Experts Answer On The Impact AI And Geopolitics Have On UK Cybersecurity
Trevor Horwitz, CISO and Founder at TrustNet, said, “The first thing to understand is this is not just a UK issue. The UK is facing the same reality as governments and businesses worldwide: AI is increasing both defensive capability and attacker capability at the same time. Attackers are using AI to scale phishing, automate reconnaissance, and run more convincing fraud campaigns with less effort.
“At the same time, geopolitics has made cyber a preferred tool of disruption. It is cheaper than conventional conflict, harder to attribute, and highly effective at targeting financial systems, supply chains, healthcare, utilities, and public trust. What I typically see is that when geopolitical tension rises, cyber risk often rises with it.
More from Artificial Intelligence
- Top 10 Women In AI To Watch In 2026
- The Risks Of Male-Dominated AI: Could AI Widen The Gender Gap Instead Of Closing It?
- Novo Nordisk Went All-In On OpenAI – Is Big Pharma About To Eat HealthTech’s Lunch?
- Hotspring Develops Leading Hybrid AI And Manual Workflows For Roto And Unveils Brand New 2.0 Interface
- What Do AI Experts Think About Claude Mythos?
- Experts Comment: The EU AI Act Comes Into Force This August – Will It Help Or Hinder European Startups?
- Chinese Scientists Call For Global AI Governance – What Would This Mean For Tech Startups Around The World?
- Is OpenAI Moving Into The Cyber Defence World Next?
“For the UK, these pressures are more visible because of its role as a global financial center and highly connected economy. But the lesson is broader. Every country and every business should assume AI-enabled threats and geopolitically motivated attacks are now part of the operating environment.
“That said, the response needs to be practical: build resilience, strengthen identity controls, manage third-party risk, improve detection, and govern internal AI use properly. Cybersecurity is no longer just an IT issue; it is business continuity, economic stability, and national security.”
Professor Dan Hyde, technology partner at Keystone Law, said, “In the event of war or conflict, there would be a significant uptick in hybrid warfare. We already face a myriad of state backed cyber-attacks, but their incidence and intensity would increase substantially. AI would turn cybersecurity into an arms race of algorithms.
“AI can map a corporation’s global infrastructure and find a vulnerability in minutes; autonomous AI sentries will be needed to react and defend attacks in milliseconds. In the UK, the regulations are ratcheting up mandatory resilience, and those that don’t embed these defence systems will be at risk of prosecution as well as a crippling, no exit cyber-attack in the event of conflict.”
Richard Ford, CTO at cyber security specialist Integrity360, said, “The UK’s cyber risk is being shaped by two forces moving at speed, AI and geopolitics, and together they are changing both the scale and intent of attacks. Geopolitical tension is driving more disruptive activity, particularly from state-aligned groups who are less focused on financial gain and more on impact. We’re seeing simpler, high-volume attacks designed to interrupt services and create uncertainty, rather than long-term, covert breaches. At the same time, AI is lowering the barrier to entry.
“It allows attackers to automate reconnaissance, generate convincing phishing at scale, and move faster once they gain access. That combination makes attacks harder to spot and quicker to execute. For UK organisations, the risk is not theoretical. Critical services, supply chains, and identity systems are all in scope because of how interconnected they’ve become. The challenge now is preparedness. Strong identity controls, rapid patching, and continuous monitoring are no longer best practice, they are essential. Without that, organisations are exposed to both opportunistic attacks and more targeted disruption linked to wider geopolitical events.”
Are UK Organisations Ready?
It looks like there is a gap between threat activity and organisational readiness across the UK. Anthony Young of Bridewell said most organisations are aren’t ready and are still trying to get basic controls in place.
Horne called for a “cultural shift” so that everyone, from board level to IT help desk, takes responsibility for cyber security. Collier said leaders need to move away from prevention alone and assume attackers will gain access, then make systems harder to navigate once inside.
Rob Demain of e2e-assure gave an estimate for how long businesses have to take action. If organisations do not update how they detect and respond over the next 12 months, they will become, as he put it, “significantly under prepared.”
