GLASGOW, Scotland — Richard Horne, Chief Executive of the National Cyber Security Centre (NCSC), delivered a keynote address at the CYBERUK 2026 conference on Wednesday, April 22, warning that the United Kingdom faces an increasingly sophisticated array of state-sponsored cyber threats. Horne characterized China as a peer competitor in cyberspace, marking a significant escalation in the agency’s assessment of global digital adversaries. The warning comes as the NCSC reports handling an average of four nationally significant cyber incidents per week, a frequency that underscores a widening gap between the pace of escalating threats and current national resilience.
The NCSC’s latest assessment, supported by a technical briefing from Director of National Resilience Jonathon Ellison, introduces the framework of a severe cyber threat environment. This designation refers to attacks capable of causing extended operational downtime with direct impacts on public safety, national security, and economic stability. Ellison noted in a concurrent policy statement that the convergence of geopolitical tensions and advanced technologies has created a landscape where high-impact attacks are no longer limited to data theft but are increasingly designed to cause real-world physical and operational disruption.
Central to the NCSC’s warning is the role of frontier AI in lowering the barrier to entry for sophisticated cyber operations. According to the agency, new AI models are enabling threat actors to identify software vulnerabilities and generate malicious code with unprecedented speed and ease. This automation allows adversaries to scale their efforts, moving from initial reconnaissance to full-system exploitation in hours rather than weeks. The NCSC highlighted that while criminal ransomware remains a persistent risk, the most serious threats now originate directly or indirectly from state-aligned actors in Russia, Iran, and China.
Data released during the conference revealed that the NCSC managed more than 200 nationally significant incidents over the past year, more than double the total recorded in the previous reporting period. Security Minister Dan Jarvis, also speaking at the event, noted that the public administration, telecommunications, and financial sectors remain the primary targets for these high-level incursions. Jarvis called on technology firms and operators of essential services to integrate AI-powered defensive tools to counter the automated nature of modern attacks.
The NCSC is urging organizations to move beyond traditional prevention-based strategies toward a model of sustained operational resilience. The agency’s updated guidance stresses that cybersecurity must be treated as a core leadership responsibility rather than a delegated technical task. Organizations are advised to revisit the Cyber Assessment Framework (CAF) to ensure they can maintain essential services even while under active pressure from a compromised network. This includes implementing enhanced threat hunting, network segmentation, and rehearsed recovery plans to mitigate the impact of inevitable breaches.