SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
International Women’s Day
259 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Uk dusk infrastructure cyber attack wind turbines power grid net
#
DR
#
Ransomware
#
PAM

UK warned over growing cyber threat to key services

Thu, 19th Feb 2026
Author image
By Kaleah Salmon, News Editor

The UK's cyber security agency has warned that critical national infrastructure (CNI) operators and smaller businesses face a growing threat from disruptive cyber attacks, as industry voices question whether organisations are keeping pace with risk.

Jonathan Ellison, Director for National Resilience at the National Cyber Security Centre (NCSC), cited recent incidents in Europe and urged UK operators to strengthen resilience ahead of any escalation in hostile activity.

"Cyber attacks disrupting everyday essential services may sound far-fetched, but we know it's not. Our Polish partners recently reported that some of the country's critical infrastructure was targeted by coordinated attacks just after Christmas, including a heat and power plant and several renewable energy generators. They likened the attempted disruption to arson."

"Incidents like this show the severity of the threat and the need for strong cyber defences and resilience. Operators of UK CNI must take note and act now."

"The NCSC's Cyber Assessment Framework (CAF) has been developed to help operators and regulators understand and implement a robust level of cyber resilience. It sets out principles which, applied correctly, can help mitigate an attack of this nature. Risk management, identity and access controls, and threat hunting are key components of meeting the objectives of the latest iteration."

"The Cyber Security and Resilience Bill, currently in Parliament, will also strengthen the regulatory framework for key sectors, including energy. Clear security requirements, enforced by effective regulators and supported by the NCSC's guidance, tools and services, are essential if government is to gain greater assurance that CNI operators are implementing baseline cybersecurity controls."

"The Bill is a critical step towards managing the UK's collective vulnerability, but the threat is not static. Operators should monitor it to take informed, well-planned steps to protect their infrastructure."

"Prior planning is key. We have recently published guidance (https://lnkd.in/eHVCriXK) on preparing for and planning your organisation's response to a severe cyber threat, including defensive actions that may be proportionate if the cyber threat to the UK increases. These actions require careful preparation and forethought, they cannot be improvised under pressure. Although attacks can still happen, strong resilience and recovery plans reduce both the chances of an attack succeeding and the impact if one does," said Ellison. 

His intervention comes as ministers reiterate that "no one is out of reach" of cyberattacks, and as government data show widespread targeting of UK organisations of all sizes.

Industry specialists said the warnings reflect long-standing concerns about the security of essential services and the preparedness of smaller enterprises.

CNI progress

Ellison pointed to the NCSC's Cyber Assessment Framework as a central tool for operators and regulators. The framework sets out principles across areas such as risk management, access control and threat detection, and aims to support consistent standards of cyber resilience across sectors including energy, transport, communications and water.

The government's proposed Cyber Security and Resilience Bill would give regulators stronger tools in key sectors, introduce clearer baseline security requirements, and tighten oversight of operators running services deemed critical to the country's functioning.

Ellison also said prior planning and rehearsed incident responses reduce both the likelihood of a successful attack and the impact of breaches that do occur. Operators, he added, should track shifts in threat levels and adjust defences based on updated risk calculations.

Ageing systems

While public investment and regulatory initiatives have increased, some security leaders argue that large infrastructure providers continue to lag.

Martin Jakobsen, managing director at Cybanetix, said CNI providers are "still behind the curve" in cybersecurity and breach preparedness, despite government financial support.

"CNI providers often have aging infrastructure due to the long lifespan of investments they make, which makes cyber security increasingly complex as their needs don't come 'off the shelf'. As a result, CNI requires specialist expertise, and the need for scarce cyber skills has ultimately meant slow progress in protecting UK critical assets. Government frameworks and regulation will help drive focus among boards, but regulation does not solve the skills and resource gaps that will remain, even if providers are legally obliged to protect their assets to a government-defined standard."

Infrastructure operators often run industrial control systems and operational technology that predate current cyber risk models. Modernisation programmes can be slow due to long investment cycles, complex safety requirements, and the need to keep services running during upgrades.

Specialist security expertise for these environments remains in short supply. Boards in sectors such as energy and transport face pressure from regulators and investors, but must work within staffing and skills constraints that also affect the wider cybersecurity market.

SME exposure

Concerns about resilience are not limited to large infrastructure operators. Government survey data show that about half of small businesses experienced a cybersecurity incident within a year, underscoring the scale of exposure among organisations that often lack dedicated security teams.

Chris Gunner, virtual chief information security officer at IT services provider Thrive, said incident readiness remained inconsistent across small and mid-sized businesses.

"The Minister's warning that 'no one is out of reach' reflects what many SMEs are learning the hard way. The government's Cyber Security Breaches Survey 2025 suggests that around half of small businesses experienced a cyber security incident in the last year. This is not about being singled out. Most attackers are scanning for weaknesses and moving quickly when they find them."

He added that the financial and operational impact can be acute for smaller firms, which often have limited reserves and fewer options for workarounds when systems fail.

"For smaller firms, the consequences can be disproportionate. The same survey puts the average cost of the most disruptive breaches for small businesses at around GBP £195,000, before you factor in operational downtime, customer impact, and the time leadership teams lose managing the response."

Preparedness gap

Gunner said many organisations still rely on reactive measures and lack clear playbooks for serious incidents.

"Against this backdrop, 'reactive' defences are not enough. Every time a breach occurs, it reinforces the same point: resilience is built in advance and thorough preparation is key. When roles, decision rights and recovery priorities are vague, time disappears fast and the blast radius grows. The SMEs that come through incidents best tend to have already agreed what really has to stay up, who makes the calls under pressure, how they communicate and what 'safe to restore' actually means."

He identified recurring weak points, including identity and access management, logging, patching, network segmentation, and tested backups. He also highlighted supply chain dependencies as a factor that can widen the impact of attacks.

"Resilience also shows up in the unglamorous fundamentals that keep working when everything is noisy: identity and privileged access, logging that holds up under scrutiny, disciplined patching, sensible segmentation and backups that are proven to restore cleanly. It is rarely contained to one environment either. Problems shared by suppliers and trusted connections often shape the true blast radius."

He said the quality of governance and preparation often determines how well organisations recover after an incident.

"Ultimately, the most reliable predictor of a calm recovery is rehearsal: playbooks that have been run, restores that have been tested, and lessons captured and applied after every drill and every event. Tools can accelerate the response, but it is governance and preparedness that still decide the final outcome."

Related stories
In a cost-pressured AI race, operational maturity is now the competitive advantage
AI cyber threats outpace staff readiness, report warns
UK AI budgets shift to data infrastructure & storage
Teramind launches AI governance to tackle shadow AI
Red Hat, Nvidia, Palo Alto forge AI-native telco stack

Top stories

Autonomous AI 'agentic customers' set to reshape banks
How women in cyber change the conversation at board level
The weight women carry
Preserving our voice: Why women must shape the future of AI and cybersecurity
Bridging the gap: Cybersecurity breakthroughs and imbalances