As cyber threats continue to evolve in complexity and frequency, the United Kingdom’s top cybersecurity official is preparing to issue a stark warning about the growing role of nation states in targeting critical national infrastructure. At the upcoming CYBERUK 2025 conference in Manchester, Richard Horne, Chief Executive of the National Cyber Security Centre (NCSC), is expected to highlight that the UK faces an average of four nationally significant cyber attacks each week, with the majority originating from hostile foreign states.
This assessment underscores a shifting landscape in which cyber warfare is no longer confined to espionage or financial gain but increasingly forms part of broader geopolitical strategies. Horne’s remarks are anticipated to build on themes he introduced earlier in 2025, when he described cyber security as an ongoing contest — likening it to a tennis match where success depends not on controlling every variable, but on mastering what can be influenced while preparing for the unpredictable.
In his keynote address at CYBERUK 2025, Horne emphasized that resilience in the digital age requires a dual focus: strengthening defences within an organization’s control while building capacity to respond effectively to threats beyond it. “Almost all organisations… run on IT that isn’t their own,” he noted, highlighting the interconnected nature of modern digital infrastructure and the limitations of unilateral action.
The NCSC’s annual gathering brings together government officials, industry leaders, academic experts, and international partners to assess emerging risks and coordinate responses. This year’s focus on resilience comes amid heightened concern over supply chain vulnerabilities, the integration of artificial intelligence into both offensive and defensive cyber operations, and the persistent threat posed by state-sponsored actors seeking to disrupt essential services.
Horne has previously pointed to the work of the UK’s National Cyber Force (NCF) — a joint initiative between the Ministry of Defence and GCHQ — as a critical component of national defence strategy. By integrating offensive cyber capabilities with traditional defence mechanisms, the NCF aims to deter adversaries and support broader national security objectives. This approach reflects a growing recognition that effective cyber defence must include not only protection but also the ability to respond, and deter.
Beyond technical measures, Horne has consistently stressed the importance of collective responsibility across society. In remarks delivered during CYBERUK 2025, he stated that the role of the cybersecurity community extends beyond protecting systems to safeguarding people, the economy, and the wider social fabric from harm. This holistic view underscores the real-world consequences of cyber incidents, which can disrupt healthcare, energy supplies, financial systems, and public trust.
The warning about four significant weekly attacks aligns with broader assessments of the UK’s threat environment. While Horne did not specify which states are responsible in his public remarks, UK officials have previously identified countries such as Russia, China, Iran, and North Korea as posing persistent cyber threats to national security. These assessments are typically informed by intelligence sharing through alliances like Five Eyes and internal analysis by agencies including the NCSC and MI5.
Recent years have seen several high-profile incidents attributed to state-linked groups, including attempts to target voting systems, compromise software supply chains, and disrupt critical infrastructure. While not all such attempts succeed, their frequency and sophistication have prompted sustained investment in cyber resilience across both public and private sectors.
Organisations seeking guidance on strengthening their defences can refer to the NCSC’s regularly updated guidance, including the Cyber Assessment Framework and advice on managing supply chain risk. The agency also runs the Active Cyber Defence programme, which includes services like Protective DNS and Web Check to help reduce exposure to common threats.
As the UK continues to navigate an era of persistent and evolving cyber threats, Horne’s message remains clear: resilience is not about achieving perfect security — an unattainable goal — but about building the capacity to withstand, respond to, and recover from incidents when they occur. By focusing on what can be controlled and preparing for what cannot, organisations and individuals alike can contribute to a more secure digital environment.
The next major opportunity to hear directly from the NCSC leadership on these issues will be at future iterations of the CYBERUK conference, where updates on national strategy, threat assessments, and collaborative initiatives are typically shared. For ongoing developments, the NCSC publishes regular advisories and threat reports through its official website and social media channels.
What steps do you believe organisations should grab to improve their cyber resilience in the face of growing state-sponsored threats? Share your thoughts in the comments below, and consider sharing this article to help raise awareness about the importance of collective action in cyber security.