The UK government has issued a clear warning about the potential consequences of a cyberattack on the nation’s critical infrastructure.
These conclusions are drawn from the latest National Risk Register, which is informed by the government’s classified National Security Risk Assessment. The report evaluates both malicious threats—such as terrorism and cyberattacks—and non-malicious hazards like extreme weather events.
The government estimates a 5–25 percent probability of a serious cyberattack affecting UK critical infrastructure within the next two years. Although the likelihood is labelled relatively low, the possible consequences are severe.
Jamie Akhtar, CEO and co-founder of CyberSmart, commented:
“These figures underline the growing importance of cybersecurity across society. Even if an attack on this scale is not highly likely, a 5–25 percent chance combined with potentially devastating impacts makes it a risk that must be taken seriously. It is essential that everyone—from government departments to small businesses—improves their cybersecurity defences and awareness.”
The register identifies several sectors at particular risk from cyber incidents: gas and electricity networks, civil nuclear facilities, fuel supply chains, government systems, health and social care services, transport, telecommunications, and financial infrastructure.
The report specifically flags the government and a major UK retail bank as especially vulnerable to state-sponsored actors who may seek to encrypt, steal, or destroy critical data or disrupt operational systems.
Although the assessment gives this risk a rating of 4 out of 5 for likelihood, experts warn that even events deemed “unlikely” can have disproportionately large impacts.
The economic price of such an attack could run into the billions of pounds, with the report estimating up to 1,000 possible fatalities and as many as 2,000 casualties in extreme scenarios.
A particular concern noted in the register is the persistent and growing risk from artificial intelligence. Rapid advances in AI could undermine the economy, communities, daily life, and national security if left unchecked.
Arun Kumar, Regional Director at ManageEngine, observed:
“The register recognises how quickly AI is evolving and its potential threat to national infrastructure. It must keep pace with the rapidly changing nature of cyberattacks and anticipate AI becoming an agent of chaos in the near future. AI is improving silently at its own tasks; with deepfakes and AI-driven scams already emerging, we’re seeing more of its dangerous implications.”
The National Risk Register’s findings mirror rising concerns about cyber threats in the UK and internationally. A recent World Economic Forum report found that 86 percent of business leaders and 93 percent of cyber experts believe global geopolitical instability increases the chance of a catastrophic cyber event within the next two years.
Darren Guccione, CEO and co-founder of Keeper Security, added:
“Cybersecurity is national security and must be prioritised accordingly. Protecting critical infrastructure and everyday services from cyberattack is as important as defending against physical attacks because the consequences can be just as devastating. When cyber operations are used for political ends, they can threaten critical systems—power grids, transport networks, financial institutions—and even erase evidence of intrusion in espionage cases. In the digital era, cyber and traditional warfare are increasingly intertwined, with cyberattacks supporting or supplementing physical operations.”
Officials and industry experts urge immediate action to strengthen the UK’s critical infrastructure against cyber threats. Protective measures for essential systems and sensitive data are increasingly vital as attacks grow more sophisticated and state actors and criminal groups become more capable.
In light of the register’s conclusions, the UK government is expected to increase investment in cybersecurity, working closely with private-sector partners and international allies to develop a coordinated, comprehensive response to emerging threats.
The National Risk Register plays a key role in identifying threats to national security and encouraging proactive planning and preparedness to reduce the consequences of future incidents.
Arun Kumar emphasises a proactive approach: “The key to countering AI-enabled threats is to use the same technology to detect and stop them. If we deploy AI tools to identify malicious activity before it succeeds, we can mitigate AI’s worst effects and help ensure the technology benefits society.”
As the cyber threat landscape continues to evolve, developing resilient, adaptive strategies to protect critical infrastructure remains essential to national security and public safety.
(Image Credit: kalhh from Pixabay)
See also: Russian hackers attack UK airports’ websites
Want to learn more about cybersecurity and cloud technologies from industry experts? Consider attending industry expos focused on cyber security and cloud solutions, often co-located with AI and data-focused events in major international hubs.
Explore other upcoming enterprise technology events and webinars to stay informed about the latest developments in cybersecurity and resilience planning.