Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne
The UK’s critical infrastructure has faced 200 cyber attacks linked to hostile nation-state actors in the first five months of the year, the head of GCHQ’s National Cyber Security Centre (NCSC) said today.
Hostile states, including Russia, China and Iran, are targeting the systems that underpin the UK’s essential services, Horne disclosed in a lecture at the Royal United Services Institute.
The high number of attacks against CNI shows that cyber attacks cannot simply be treated as a risk to be managed, but as an “ongoing contest between capable adversaries”, he said.
200 attacks against UK CNI
The NCSC managed 200 cyber incidents affecting the UK’s critical national infrastructure and its supporting ecosystem between January 2026 and May 2026, Horne disclosed.
By 2028, the NCSC says AI-enabled cyber capabilities will likely be used by attackers to exploit known vulnerabilities in legacy technology “at scale” across critical national infrastructure.
Businesses, government and the private sector needed to act “now with urgency” to protect their systems and protect themselves against future conflicts, which would see cyber attacks multiply.
“The many vulnerabilities that organisations tolerate today will be exploited in conflict tomorrow. If they are too expensive or hard to fix in peacetime, then they certainly will be in war,” warned Horne.
“In cyberspace, we are not preparing for tomorrow’s conflicts – to some degree, we are fighting them today,” he added.
Cyber defence akin to football match
Drawing an analogy, he said that cyber battle is not like a “wrestling match”, confined to the closed territory of a wrestling ring,
“It is far more akin to a football or basketball game, played across a large field of play, where success depends on how you operate across the entire pitch,” said Horne.
If we collectively embrace the [cyber] contest, understand the urgency and believe we can be a match for any opponent, then we can and will prevail Richard Horne, NCSC
He said coordinated action is needed across the “near, mid and far” cyber spaces where we come into contact with adversaries, and that different approaches were needed in each.
He called on every board member and executive in every organisation to strengthen their cyber resilience by focusing on three core capabilities: understanding their exposure to threats, building stronger defences based on proven security fundamentals, and ensuring they can continue operating and recover quickly after an attack
“We still see far too many significant incidents today that are possible because the fundamentals are not in place,” said Horne.
“The truth is that in this great contest, there are no spectators; we are all on the pitch. From boardrooms to IT helpdesks to sofas at home, the contest is everywhere,” he added.
“If we collectively embrace the contest, understand the urgency and believe we can be a match for any opponent, then we can and will prevail.”
Snap’s new smart glasses are probably the most impressive bit of face-computer technology we’ve seen. They’re not VR-headset huge; they don’t have a big charging puck; thanks to Snap’s many years of AR lens development, they’re likely to have a lot of features right out of the box. (Yes, they’re $2,195, but that may just
LYT L910: The "L" Makes the Difference Anyone familiar with Sony's Lytia sensors may be somewhat surprised by the LYT L910 designation, as it is highly reminiscent of the LYT-910, the first Sony 200-megapixel sensor, which has been used in the Vivo X300 Ultra and the Oppo Find X9 Ultra. It is unclear why Sony
ⓘ Microsoft, Nintendo, Canva AI Office seen with Microsoft Copilot and Nintendo logos A recent Nintendo hack provided rare insight into the mindset of its employees. The workers resented the introduction of Microsoft Copilot, a generative AI assistant. However, there is no evidence that AI tools have created assets for first-party Switch 2 games. Nintendo
Amendment to the UK’s Cyber Security and Resilience Bill calls for the government to publish a ‘digital sovereignty strategy’ to promote domestic technology By Bill Goodwin, Investigations Editor Published: 16 Jun 2026 16:24 MPs are calling on the government to reduce the UK’s dependency on big technology companies amid concerns that the state is over-reliant
Snap’s new smart glasses are probably the most impressive bit of face-computer technology we’ve seen. They’re not VR-headset huge; they don’t have a big charging puck; thanks to Snap’s many years of AR lens development, they’re likely to have a lot of features right out of the box. (Yes, they’re $2,195, but that may just
LYT L910: The "L" Makes the Difference Anyone familiar with Sony's Lytia sensors may be somewhat surprised by the LYT L910 designation, as it is highly reminiscent of the LYT-910, the first Sony 200-megapixel sensor, which has been used in the Vivo X300 Ultra and the Oppo Find X9 Ultra. It is unclear why Sony
ⓘ Microsoft, Nintendo, Canva AI Office seen with Microsoft Copilot and Nintendo logos A recent Nintendo hack provided rare insight into the mindset of its employees. The workers resented the introduction of Microsoft Copilot, a generative AI assistant. However, there is no evidence that AI tools have created assets for first-party Switch 2 games. Nintendo
Amendment to the UK’s Cyber Security and Resilience Bill calls for the government to publish a ‘digital sovereignty strategy’ to promote domestic technology By Bill Goodwin, Investigations Editor Published: 16 Jun 2026 16:24 MPs are calling on the government to reduce the UK’s dependency on big technology companies amid concerns that the state is over-reliant
In a definitive ruling, the Australian Federal Court found that former Star Entertainment Group chief executive Matthias Bekier and former chief legal and risk officer Paula Martin breached their duties multiple times. Justice Michael Lee imposed disqualification orders of six and seven years and financial penalties of AUD 700,000 ($491,000) for Bekier and AUD 400,000
Astana, Kazakhstan, Jun 2, 2026 - (ACN Newswire) - A business delegation led by the Chief Executive of the Hong Kong Special Administrative Region (HKSAR), John Lee, and organised by the Hong Kong Trade Development Council (HKTDC), began its visit to Astana, the capital of Kazakhstan, on 1 June. During the visit, a total of 43
Real business trips almost never go the way the itinerary promised. They start with a confidently-packed suitcase and an eight-page agenda, and somewhere between the airport gate and the hotel breakfast they quietly turn into something nobody could have invented — equal parts comedy, chaos, and unscheduled adventure. These 13 real business trip moments are exactly that kind of work-trip plot
From July 1, any branded SMS your business sends without a registered sender ID will be labelled “Unverified” and grouped with scam messages. What’s happening: From 1 July 2026, any business or organisation that sends SMS using a branded name, such as “MyShop” or “AcmeServices”, instead of a phone number, must have that sender ID
