Skip to main content
Geopolitics & DefenseNational Security

UK Warns of Nation-State Cyber Threats Beyond Financial Theft

Hooded figure in shadows works on laptop amidst broken locks and UK map glow.

"We can't know over the next ten years whether the UK will be in a state of conflict. But we do know that we must prepare for that eventuality. The Strategic Defence Review told us."

Richard Horne and the NCSC

Richard Horne, chief executive of the UK National Cyber Security Centre (NCSC), used his opening plenary at CYBERUK 2026 in Glasgow to recast long‑running warnings about state cyber activity into a more urgent tone. A transcript of his speech, shared with The Register ahead of the event, framed the problem as strategic rather than tactical: organisations must embed cybersecurity into their corporate mission and treat resilience as an investment, not a line‑item to be minimised.

China's whole‑of‑state cyber machine: "a peer competitor in cyberspace"

Horne said China's "whole‑of‑state" cyber apparatus has matured. Where the NCSC in prior years described the China threat as "epoch‑defining," Horne told delegates that Beijing is now "a peer competitor in cyberspace." That judgment sits alongside NCSC assessments — made as recently as October — that the agency handled an average of four nationally significant cyberattacks a week over the previous year and that state‑linked threats from China, Russia, Iran, and North Korea remain among its chief concerns.

Destructive operations, not just ransomware

Horne emphasised that nation‑state operations differ from criminal ransomware campaigns. "Unlike ransomware, these attacks can damage critical national infrastructure, and they cannot be brushed away with a simple payment," he said, warning that attackers now seek infrastructure, secrets and leverage — losses that cannot be reversed by a wire transfer. He pointed to recent examples worldwide, including "the attacks on the Polish energy sector in December," as reminders that cyber operations are integral to modern conflict and that the scope of targeting has widened.

AI as a torch into software "rot"

Frontier artificial intelligence models, Horne said, will complicate the landscape even as they expose existing weaknesses. He argued that AI will act "as a torch shone into the rot already baked into today's software," surfacing long‑buried vulnerabilities and poor security fundamentals. His prescription was blunt: "We must embrace it, secure it, and shape it." That line sits alongside a wider call for cultural change across organisations so that cybersecurity becomes a shared mission across boards, IT help desks and every part of an organisation.

What this means for technologists, policymakers, and procurement leaders

  • Technologists and security teams: The NCSC view places priority on building "defence in depth" so that initial footholds by an attacker do not translate into catastrophic impact, and on being ready to remain operational and rebuild after a successful attack.
  • Policymakers and national security bodies: Horne said cyber operations are "as much a reality of modern warfare as drones and missiles," reinforcing the need to plan for wartime contingencies and to coordinate defensive and offensive capabilities — including work by the National Cyber Force.
  • Procurement leaders and corporate boards: Horne and the NCSC urged a culture shift away from treating cybersecurity as a cost to be minimised; the article explicitly criticises outsourcing security "to the lowest bidder" as a strategy that leaves organisations exposed when nation‑state actors aim to do permanent damage.

Across Horne's remarks runs a single practical demand: organisations must stop treating cyber as someone else's problem. The NCSC CEO tied that cultural transformation to concrete defensive measures — more diverse skills, "defence in depth," and preparing for scenarios when ransom payments are neither viable nor relevant. Whether boards and procurement teams heed that message will shape how resilient the UK and its partners are to state‑level cyber operations that seek leverage, not just cash.

Source: The Register — NCSC speech transcript and reporting