When it comes to what is changing with the UK’s cyber threats, Richard Horne, CEO of the UK鈥檚 National Cyber Security Centre, used the CYBERUK conference in Glasgow to set out the situation. 鈥淭he next decade will be defined by a combination of geopolitical tensions and high-seed technological evolution,鈥 he said, describing a 鈥減erfect storm鈥 for cyber security.
That combination is already affecting daily operations across the UK. The NCSC handled 204 鈥渘ational significant鈥 incidents at the time of its last annual review, published in October 2026, and Horne said the total has stayed 鈥渇airly steady鈥. The volume has not dropped, and the nature of those incidents is evolving.
Ransomware continues to appear in routine cases across many organisations. The most serious threats the NCSC deals with come from nation states. Horne claims Russia, China and Iran are targeting UK organisations and individuals with different aims and methods. He added that China鈥檚 intelligence and military agencies now show an 鈥渆ye-watering level of sophistication鈥 in cyber operations.
Jamie Collier from Google Threat Intelligence Group told Infosecurity that the UK is 鈥渘avigating a complex and blended threat landscape where nation-state actors pursue very different strategic goals.鈥 That environment makes it harder for security teams to judge risk and respond in a consistent way.
How Are Geopolitics Impacting Attacks?
Activity connected to China has become persistent and harder to detect over time. It often targets routers and VPNs instead of older entry points used in earlier campaigns. A joint advisory in August 2025 connected three China-based companies to a global campaign against critical networks.
Russia continues to act as a disruptive cyber actor across Europe and the UK. Collier said, 鈥淩ussia remains the most visible and disruptive threat, characterised by a mix of sophisticated espionage and a surge in pro-Russia hacktivist activity.鈥 Horne added that lessons from the war in Ukraine are being reused, with tactics refined in conflict now directed at states seen as hostile.
Apparently, Iran is taking a different route through targeted digital activity. Horne said it is 鈥渁lmost certainly鈥 using cyber activity to support repression of individuals in the UK. Martin Riley of Bridewell pointed to the Handala wiper incident affecting an NHS supplier as a sign of what is coming, adding organisations should expect more direct targeting.
Where Does AI Come Into All Of This?
Horne warned that new AI systems are speeding up both discovery and exploitation of weaknesses across networks. 鈥淔rontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cyber security are still to be addressed,鈥 he said.
Mike Maddison, CEO of NCC Group, said the overlap is now impossible to ignore in practice. 鈥淩esilience is now being tested at the intersection of AI and geopolitical tensions. We鈥檝e seen first-hand that there is no longer a clear distinction between cyber activity and national security,鈥 he said.
He added, 鈥淎I is accelerating cyber risk in both scale and complexity, and we advise our clients that underestimating this shift could quickly leave them exposed.鈥 His comments point to a need for stronger governance and deeper technical understanding inside organisations.
Experts Answer On The Impact AI And Geopolitics Have On UK Cybersecurity
Trevor Horwitz, CISO and Founder at TrustNet, said, “The first thing to understand is this is not just a UK issue. The UK is facing the same reality as governments and businesses worldwide: AI is increasing both defensive capability and attacker capability at the same time. Attackers are using AI to scale phishing, automate reconnaissance, and run more convincing fraud campaigns with less effort.
“At the same time, geopolitics has made cyber a preferred tool of disruption. It is cheaper than conventional conflict, harder to attribute, and highly effective at targeting financial systems, supply chains, healthcare, utilities, and public trust. What I typically see is that when geopolitical tension rises, cyber risk often rises with it.
More from Artificial Intelligence
- Akeneo Unveils 鈥淭he Great Restack鈥 As Agentic Commerce Reshapes Global Retail Architecture
- More Experts Share: How The UK’s Cybersecurity Is Being Impacted By AI & Geopolitics
- AI Whisperer, Prompt Engineer, Chief AI Officer. Welcome To The Weirdest Jobs Market In Tech History
- Can鈥檛 Find Your Car? AI Can Now Help You Locate Your Parking Spot
- Top 10 Women In AI To Watch In 2026
- The Risks Of Male-Dominated AI: Could AI Widen The Gender Gap Instead Of Closing It?
- Novo Nordisk Went All-In On OpenAI 鈥 Is Big Pharma About To Eat HealthTech’s Lunch?
- Hotspring Develops Leading Hybrid AI And Manual Workflows For Roto And Unveils Brand New 2.0 Interface
“For the UK, these pressures are more visible because of its role as a global financial center and highly connected economy. But the lesson is broader. Every country and every business should assume AI-enabled threats and geopolitically motivated attacks are now part of the operating environment.
“That said, the response needs to be practical: build resilience, strengthen identity controls, manage third-party risk, improve detection, and govern internal AI use properly. Cybersecurity is no longer just an IT issue; it is business continuity, economic stability, and national security.”
Professor Dan Hyde, technology partner at Keystone Law, said, 鈥淚n the event of war or conflict, there would be a significant uptick in hybrid warfare. We already face a myriad of state backed cyber-attacks, but their incidence and intensity would increase substantially. AI would turn cybersecurity into an arms race of algorithms.
鈥淎I can map a corporation鈥檚 global infrastructure and find a vulnerability in minutes; autonomous AI sentries will be needed to react and defend attacks in milliseconds. In the UK, the regulations are ratcheting up mandatory resilience, and those that don鈥檛 embed these defence systems will be at risk of prosecution as well as a crippling, no exit cyber-attack in the event of conflict.鈥
Richard Ford, CTO at cyber security specialist Integrity360, said, 鈥淭he UK鈥檚 cyber risk is being shaped by two forces moving at speed, AI and geopolitics, and together they are changing both the scale and intent of attacks. Geopolitical tension is driving more disruptive activity, particularly from state-aligned groups who are less focused on financial gain and more on impact. We鈥檙e seeing simpler, high-volume attacks designed to interrupt services and create uncertainty, rather than long-term, covert breaches. At the same time, AI is lowering the barrier to entry.
“It allows attackers to automate reconnaissance, generate convincing phishing at scale, and move faster once they gain access. That combination makes attacks harder to spot and quicker to execute. For UK organisations, the risk is not theoretical. Critical services, supply chains, and identity systems are all in scope because of how interconnected they鈥檝e become. The challenge now is preparedness. Strong identity controls, rapid patching, and continuous monitoring are no longer best practice, they are essential. Without that, organisations are exposed to both opportunistic attacks and more targeted disruption linked to wider geopolitical events.鈥
Are UK Organisations Ready?
It looks like there is a gap between threat activity and organisational readiness across the UK. Anthony Young of Bridewell said most organisations are aren’t ready and are still trying to get basic controls in place.
Horne called for a 鈥渃ultural shift鈥 so that everyone, from board level to IT help desk, takes responsibility for cyber security. Collier said leaders need to move away from prevention alone and assume attackers will gain access, then make systems harder to navigate once inside.
Rob Demain of e2e-assure gave an estimate for how long businesses have to take action. If organisations do not update how they detect and respond over the next 12 months, they will become, as he put it, 鈥渟ignificantly under prepared.鈥
