The UK’s top cyber authority is warning that the country is entering a “perfect storm” for cyber security, driven by rapid advances in AI and rising geopolitical tension. According to the National Cyber Security Centre (NCSC), the most serious cyber incidents now mostly originate from hostile nation states such as Russia and Iran, not just criminal gangs.
That shift has major implications for UK PLC and for every member of the public.
Introduction
In a recent keynote at the CYBERUK conference, NCSC CEO Dr Richard Horne warned that the UK is living through a period of “tumultuous uncertainty”. As cyber operations become integral to modern conflict – as central to warfare as drones or missiles. The NCSC now handles roughly four “nationally significant” cyber incidents every week, more than double the level just a year earlier. And the majority of those high‑impact cases are linked directly or indirectly to nation states.
Russian and Iranian state‑sponsored or state‑aligned actors are a key part of this trend. They use cyber operations to disrupt critical services, target UK businesses, and pressure dissidents and communities inside Britain. The message from the UK government’s cyber agency is blunt: whether you are a board member or a home user, cyber security is now “the home front” and everyone has a role to play in national resilience.
Key takeaways
- The NCSC says the majority of the UK’s most serious cyber incidents now come from nation‑state actors, not purely criminal groups.
- Russia and Iran are using cyber tools to project power. From hybrid operations against infrastructure to targeting individuals in the UK.
- The NCSC urges UK businesses and the public to treat cyber resilience as a core part of preparing for future crises or even outright conflict.
Why the NCSC is warning of a ‘perfect storm’
Dr Horne describes a collision of forces. Frontier AI that can rapidly discover and exploit vulnerabilities, combined with intensifying geopolitical rivalry, is lowering the barrier for sophisticated attacks and expanding the attack surface into robotics, autonomous systems and even human‑integrated technology. In this environment, organisations can no longer treat cyber security as a narrow IT concern. Businesses and governments must view it as a strategic societal issue.
The NCSC’s most recent review reports 204 “nationally significant” cyber incidents between September 2024 and August 2025, up from 89 the previous year. An increase of around 130 percent and the highest level ever recorded. That equates to about four serious incidents every week, many affecting essential services, government functions or large segments of the economy.
How Russian and Iranian hackers are targeting UK PLC
In his CYBERUK speech, Dr Horne warned that Russia is taking the cyber lessons learned from the war in Ukraine and “moving them beyond the battlefield”, directing those tactics at states it considers hostile. UK authorities report sustained Russian hybrid activity against assets across the UK and Europe. This includes blending cyber operations with disinformation and other forms of pressure.
Iranian state‑sponsored groups are also a growing concern. The NCSC assesses that Iran is “almost certainly” using cyber operations to support the repression of British‑based individuals perceived as a threat to the regime. While Iranian groups linked to the Islamic Revolutionary Guard Corps have targeted government, healthcare and dissident communities. For UK PLC, this not only risks disrupting critical infrastructure. But it also draws large brands, supply chains, and professional services into geopolitically motivated campaigns.
What the public can do to prepare
Nation‑state cyber campaigns do not only target government bodies and big businesses. They often spill over into phishing, credential theft and data breaches that affect ordinary people. The UK government’s Cyber Aware program focuses on a small set of actions that give home users the most protection:
- Turn on 2‑step verification for your email and key accounts so stolen passwords alone are not enough to access them.
- Use a strong, unique password for your email, ideally built from three random words. And avoid reusing it on other sites. Or a secure password manager to streamline the process.
- Keep your devices and apps updated. And back up irreplaceable data to the cloud or an external drive that is not permanently connected.
These steps, combined with reputable anti‑malware and secure browsing tools like Panda Dome, significantly reduce the likelihood that a state‑linked campaign can compromise your household devices or online accounts.
Strengthening your defenses with Panda Security
Panda Security’s solutions are designed to help UK businesses and consumers improve their cyber defenses. This includes advanced endpoint protection and managed detection and response. It also includes tools that support patching, device control, and threat visibility across hybrid environments.
In a world where Russian and Iranian state‑backed attackers are increasingly willing to target UK interests, investing in layered protection and cyber hygiene is no longer optional. It is part of how UK PLC and the public prepare for the possibility of cyberwar.
