Published Wednesday, June 17, 2026 at 11:18 AM PT

🚨 BREAKING SECURITY ALERT β€” NCSC CEO: STATE ACTORS BEHIND 75% OF UK CRITICAL INFRASTRUCTURE CYBERATTACKS

BLUF: UK National Cyber Security Centre CEO Dr. Richard Horne has publicly confirmed that hostile state actors are responsible for approximately three-quarters of cyberattacks targeting the UK’s critical national infrastructure (CNI). All CNI operators and their supply chains should treat this as an elevated threat posture signal and review defensive controls immediately.

DETAILS

  • Source statement: Dr. Richard Horne, NCSC CEO, delivered this assessment at RUSI’s Annual Security Lecture β€” a high-profile, credible public forum. This is an official UK government-attributed statement.
  • Scale confirmed: 75% of cyberattacks against UK critical systems are attributed to hostile state actors, per NCSC’s assessment. Specific nation-state actors were not named in the available source material β€” attribution details beyond this figure are unconfirmed at this time.
  • Sectors at risk: “Critical systems” is the stated scope. This broadly encompasses energy, water, transport, finance, telecommunications, and health infrastructure under UK CNI definitions.
  • Threat environment context: This disclosure aligns with a broader pattern of state-linked cyber activity observed globally, including North Korean developer toolchain compromises and expanding malware delivery campaigns noted in concurrent threat intelligence reporting.
  • No specific active incident disclosed in available source material β€” this appears to be a strategic threat assessment, not notification of a live breach.

IMPACT

  • Who is affected: UK critical national infrastructure operators and their third-party supply chains are the primary risk population. Given the interconnected nature of CNI, international partners and vendors with UK CNI exposure should also take note.
  • Scope: National-level. The 75% figure suggests persistent, systematic targeting rather than isolated incidents.
  • Uncertainty flag: Specific threat actor groups, targeted sectors, attack vectors, and timeframes underlying the 75% statistic have not been confirmed in available reporting. Further NCSC guidance or technical advisories may follow.
  1. CNI operators: Review and validate current network segmentation, access controls, and incident detection capabilities against NCSC’s existing CNI guidance.
  2. Elevate monitoring: Increase logging and alerting thresholds on OT/ICS environments and internet-facing systems.
  3. Supply chain review: Audit third-party access to critical systems β€” state actors frequently exploit supply chain vectors.
  4. Zero Trust posture: Ensure identity verification and least-privilege principles are enforced across all access pathways, including agentic and automated systems.
  5. Watch for follow-on NCSC advisories: A public statement of this significance from the NCSC CEO may precede more specific technical guidance or threat actor disclosures.

SOURCES

  • Primary: UK NCSC β€” Statement by CEO Dr. Richard Horne, RUSI Annual Security Lecture
  • Context: RUSI (Royal United Services Institute) Annual Security Lecture β€” official public forum
  • Related threat context: The Hacker News; Qualys Threat Research; Netskope (concurrent threat intelligence, not directly linked to this statement)