NCSC: Nation-State Actors Behind 75% of Cyberattacks on UK Critical Infrastructure
The UK's National Cyber Security Centre warns that three-quarters of cyberattacks on the country's critical national infrastructure originate from hostile state actors.
The UK National Cyber Security Centre (NCSC) has issued a stark warning that 75% of cyberattacks targeting the nation's critical national infrastructure (CNI) are carried out by nation-state actors. The figure, disclosed by NCSC CEO Richard Horne, underscores the persistent and elevated threat facing essential services such as energy, water, transport, and healthcare. The warning comes as part of a broader sector-targeted threat report that highlights the strategic intent of hostile states to probe and compromise the systems that underpin British society.
According to Horne, the dominance of state-sponsored attacks reflects a deliberate shift in adversary focus toward high-value, high-impact targets. Rather than opportunistic cybercrime, these operations are often sustained, well-resourced campaigns aimed at intelligence gathering, disruption, or long-term access. The NCSC's assessment draws on telemetry from its incident response engagements, intelligence sharing partnerships, and open-source analysis, painting a picture of a threat landscape where state actors are the primary aggressors against CNI.
The report does not name specific nations, but historical context points to familiar adversaries. Russian, Chinese, Iranian, and North Korean state-linked groups have all been implicated in previous attacks on UK infrastructure, including the 2020 SolarWinds supply-chain compromise and ongoing targeting of energy grids. The NCSC's warning aligns with similar assessments from allied agencies such as CISA in the United States, which has repeatedly flagged state-sponsored activity against critical sectors.
Technical analysis from the NCSC indicates that these attacks often begin with phishing, credential theft, or exploitation of unpatched vulnerabilities in internet-facing systems. Once inside, adversaries move laterally, establish persistence, and exfiltrate data or prepare for potential disruptive actions. The report emphasizes that many of these intrusions could be prevented or mitigated through basic cyber hygiene, including multi-factor authentication, timely patching, and network segmentation.
The impact of a successful attack on CNI could be catastrophic, ranging from temporary service outages to long-term damage to public safety and economic stability. The NCSC's warning serves as a call to action for operators of essential services to prioritize cybersecurity investments and collaborate more closely with government agencies. Horne stressed that defending CNI is a shared responsibility, requiring public-private partnerships and a culture of continuous improvement.
This announcement follows a series of NCSC advisories on supply chain risks, ransomware trends, and the growing sophistication of state-linked cyber operations. It also comes amid heightened geopolitical tensions, which historically correlate with increased cyber activity. The NCSC has urged all CNI organizations to review their security postures, report suspicious activity, and participate in threat-sharing initiatives.
In response to the report, industry experts have called for greater regulatory oversight and mandatory incident reporting for critical infrastructure operators. The UK government has already introduced the Cyber Security and Resilience Bill, which aims to strengthen protections for essential services. However, the NCSC's latest data suggests that the threat is accelerating faster than defensive measures can keep pace.
Ultimately, the 75% figure is a sobering reminder that cyberattacks on critical infrastructure are not merely a technical problem but a national security issue. As hostile states continue to refine their capabilities, the NCSC's warning should galvanize urgent action across government, industry, and the cybersecurity community to safeguard the systems that millions of people depend on every day.