UK critical infrastructure hit by 200 cyber incidents in a year, agency says

Critical infrastructure includes power plants, hospitals and airports. King’s College hospital in London was affected by a ransomware attack in 2024. Photograph: Andy Rain/EPA View image in fullscreen Critical infrastructure includes power plants, hospitals and airports. King’s College hospital in London was affected by a ransomware attack in 2024. Photograph: Andy Rain/EPA UK critical infrastructure hit by 200 cyber incidents in a year, agency says Head of National Cyber Security Centre says UK in ‘ongoing contest with capable adversaries’ and AI could add to threat The UK’s critical national infrastructure has been hit by more than 200 cyber incidents over the past year and state-linked assailants were behind three-quarters of the attacks, according to the state cybersecurity body. Richard Horne, the chief executive of the National Cyber Security Centre (NCSC), said hostile states such as Russia, China and Iran were increasingly targeting systems behind the UK’s key services. Examples of critical national infrastructure include the UK’s nuclear deterrent, power plants, hospitals and airports. Horne said the UK was engaged in an “ongoing contest with capable adversaries”. “This contest is not confined to a compact space. It is not like a wrestling match in a closely defined territory, as some have suggested,” he said in a speech at the Royal United Services Institute. “It is far more akin to a football or basketball game, played across a large field of play, where success depends on how you operate across the entire pitch.” The NCSC , part of the GCHQ intelligence agency, defines a cyber incident as an “attempt to damage, disrupt or gain unauthorised access to computer systems, networks or devices.” Horne said the NCSC responded to more than 200 cyber incidents affecting the UK’s critical national infrastructure and its “supporting ecosystem” in the year to May, with about 75% of those “believed to be linked to state actors”. View image in fullscreen Richard Horne, the chief executive of the National Cyber Security Centre. Photograph: CyberUK/Getty Images Horne said advances in AI were likely to accelerate the threat, exposing cyber-flaws in national infrastructure, with 2028 likely to be the year when such a threat crystalised. He said organisations needed to concentrate on the “fundamentals” of cybersecurity, such as ensuring they could recover quickly from attacks. “The many vulnerabilities that organisations tolerate today will be exploited in conflict tomorrow. If they are too expensive or hard to fix in peacetime, then they certainly will be in war,” he said. The emergence of Anthropic’s Claude Mythos AI model has raised concerns that organisations face a heightened risk of AI-enabled cyber-attacks. However, experts caution that most breaches still come from well-established risks such as weak authentication and already known vulnerabilities that have not been patched. Horne described the cyber-threat as affecting a range of places, from “