Three-quarters of cyberattacks on Britain’s critical national infrastructure (CNI) between June 2025 and May 2026 were carried out by hostile state actors, National Cyber Security Centre (NCSC) CEO Dr. Richard Horne said at the Royal United Services Institute (RUSI) Annual Security Lecture in London on June 17, 2026.
“Cyber security is a continuous national contest with capable adversaries, requiring urgent, coordinated action across government, industry and individuals to strengthen resilience.” – NCSC CEO Dr Richard Horne delivering RUSI’s Annual Security Lecture this afternoon. pic.twitter.com/NTI5US7KDc
— NCSC UK (@NCSC) June 17, 2026
Horne said the NCSC managed more than 200 incidents affecting CNI and its supporting systems in the year to May 2026, a volume mirroring the agency’s broader UK baseline of handling roughly four nationally significant incidents per week.
Throughout these disclosures, Russia, China, and Iran were named as the primary state actors targeting systems that underpin Britain’s essential services.
Beyond the raw attack figures, Horne addressed adversary prepositioning, the practice of embedding persistent network access inside CNI systems ahead of potential conflict rather than triggering immediate disruption. He cited Volt Typhoon, the Chinese state-linked campaign that spent years undetected inside U.S. digital infrastructure, as the primary documented example.
“We know that adversaries are pre-positioning today, establishing footholds within technology that underpins critical national infrastructure that could enable rapid exploitation, to cause mass disruption in a time of conflict,” Horne said. “Kinetic targeting in any conflict tomorrow will be based on intelligence gathered today.”
A current NCSC assessment judges it “highly likely” that by 2028, AI-enabled tools will be used to exploit known vulnerabilities in legacy technology across UK critical infrastructure. Horne urged every board and executive to treat unsupported legacy systems as an active liability.
The Cyber Security and Resilience Bill, currently before Parliament, would compel essential service operators to strengthen their defenses through regulation. Britain’s government is also preparing a new National Cyber Action Plan expected in early July 2026, according to Recorded Future News.
“In cyberspace, we are not preparing for tomorrow’s conflicts. To some degree we are fighting them today,” Horne said.
