GLASGOW, Scotland — Britain’s top cybersecurity official is set to deliver a stark warning that hostile foreign governments, particularly Russia, Iran and China, are behind the most dangerous digital attacks targeting the United Kingdom.
Richard Horne, who leads the National Cyber Security Centre within Britain’s intelligence agency GCHQ, plans to tell audiences Wednesday that the nation faces “the most seismic geopolitical shift in modern history.” According to advance excerpts of his remarks, Horne will urge British companies to strengthen their defenses against potential large-scale cyberattacks should the UK become embroiled in international conflicts.
Across Scandinavia and Eastern Europe, government officials have recently issued similar warnings. Sweden, Poland, Denmark and Norway have all reported that Russian-linked hackers have attempted to breach critical systems including electrical grids and water infrastructure.
The NCSC director will reveal his agency currently responds to approximately four “nationally significant” digital security breaches each week. While criminal activities like ransomware remain the most frequent issues, state-sponsored attacks pose the gravest danger, according to his prepared remarks.
This assessment echoes concerns raised in December by Blaise Metreweli, who heads Britain’s MI6 foreign intelligence service. Metreweli characterized the current global situation as more perilous than any period in recent decades, describing Britain as existing “in a space between peace and war.”
“Let’s be clear, cyberspace is part of that contest,” Horne will state during his address at the CyberUK conference in Glasgow.
Regarding specific threats, Horne will describe China’s intelligence and military cyber capabilities as demonstrating an “eye-watering level of sophistication.” He’ll also assert that Iran is “almost certainly using cyber activity to support the repression of British individuals on our streets who are seen as a threat to the regime.”
As for Russia, Horne plans to highlight how Moscow has adapted digital warfare methods developed during its Ukraine campaign, “moving them beyond the battlefield” through “sustained Russian hybrid activity” aimed at the UK and broader Europe. He’ll emphasize that businesses must study how cyber operations function in wartime scenarios to strengthen their own protective measures.
In potential conflict situations, Horne will warn, the UK could face massive cyberattacks where companies cannot simply pay ransoms to restore their data and systems. This reality, he’ll argue, makes it essential for every organization to fully grasp their vulnerability and enhance their digital defenses immediately.
Recent incidents support these concerns. Swedish officials announced Friday that a pro-Russian organization connected to Moscow’s intelligence apparatus orchestrated a cyberattack on a heating facility last year.
Carl-Oskar Bohlin, Sweden’s civil defense minister, drew parallels to December attacks in Poland, where coordinated digital strikes targeted heating and power facilities serving nearly half a million customers, plus renewable energy installations. Polish investigators later determined the hackers had “direct links to Russian services.” Norway reported a similar April 2025 incident affecting dam water controls, while Denmark disclosed a December 2024 attack on water utilities that temporarily cut service to residential areas.
These four cyberattacks represent just a fraction of over 155 documented disruption incidents — encompassing arson, sabotage and espionage — that Western intelligence agencies have connected to Russia or its allies since Moscow’s February 2022 invasion of Ukraine, according to Associated Press tracking.
Additional Russian-linked activities identified by European authorities include interference with German aviation traffic control systems, attempts to compromise Signal and WhatsApp accounts of government officials and journalists, and efforts by Russian military intelligence hackers to exploit router vulnerabilities for stealing sensitive user information.
