Overview
- The National Cyber Security Centre said it managed 200 incidents affecting critical national infrastructure between January and May 2026, a surge the agency describes as part of a sustained contest with hostile states.
- Around 75% of incidents over the past year were assessed as linked to state actors such as Russia, China and Iran, the NCSC disclosed in a speech delivered to RUSI on June 17.
- Officials warned attackers are 'pre‑positioning' footholds in hospitals, power, water and finance systems that could be turned into rapid, large‑scale disruption in a future conflict.
- The NCSC warned that AI will enable attackers to find and exploit long‑standing flaws in legacy systems at scale by about 2028, and it has published guidance to help organisations respond to AI‑enabled threats.
- Senior officials urged immediate, coordinated action from boards, executives, government and the public to strengthen basic cyber hygiene, secure supply chains and plan for rapid recovery so services can keep running after an attack.