UK Defence Secretary John Healey has announced the creation of a new Cyber and Electromagnetic Command charged with coordinating offensive cyber operations against hostile states. Backed by a significant investment — including £1 billion for AI-enabled systems and a dedicated offensive cyber team — this marks a substantial escalation in the UK’s cyber defence posture.
The Ministry of Defence revealed it has faced roughly 90,000 state-sponsored cyberattacks over the past two years, a figure that has doubled since 2023. Healey described the environment as one of “continual and intensifying” cyber conflict and confirmed the UK is prepared to respond more assertively.
The new Cyber and Electromagnetic Command will not only coordinate offensive cyber operations but will also oversee the development of an AI-driven “kill web.” This initiative aims to integrate disparate military systems to speed decision-making on the battlefield. Healey says the goal is to set “new standards” in defence by ensuring UK forces are “better equipped, better trained, better connected, and capable of innovating ahead of adversaries.”
Offensive cyber activity is not entirely new for the UK. For the past five years the National Cyber Force, a joint unit of GCHQ and the MoD, has conducted covert cyber operations. The change now is greater integration: offensive cyber capabilities will be coordinated centrally through the new command, which will also lead defensive efforts across the services.
Details of the UK’s offensive cyber toolkit remain classified, but recent global examples — from espionage and data theft to sabotaging industrial systems — illustrate potential capabilities. States such as Russia, China, Iran and North Korea have well-documented cyber programmes that engage in espionage, ransomware, and disruption campaigns.
A core concern is whether national infrastructure can withstand an escalation in cyberattacks that may follow a more aggressive UK posture. Spencer Starkey, Executive VP EMEA at cybersecurity firm SonicWall, warned that a large-scale attack on critical infrastructure is no longer hypothetical. He pointed to recent retail and legal-sector breaches and the use of identity compromise, ransomware and lateral movement techniques that could be repurposed to disrupt healthcare, utilities or government services.
Starkey stressed that while the UK has not yet seen a catastrophic “black swan” cyber event at national scale, the trend of attacks suggests it is a matter of when, not if, unless systemic readiness and resilience are rapidly improved across sectors.
Those concerns align with recent parliamentary findings. A Commons public accounts committee report warned that government IT systems are increasingly vulnerable and lag behind cybercriminal capabilities. The report highlighted a severe shortage of skilled cyber professionals and noted that more than a quarter of public-sector IT systems rely on aging, vulnerable legacy technology. That gap creates a pressing vulnerability between rising threats and current defensive capacity.
Private sector organisations are also at risk. Major high-street brands such as Marks & Spencer, Harrods and the Co-op have experienced cyber incidents in recent months, underlining that both public and private infrastructure remain exposed. The National Cyber Security Centre’s chief executive, Richard Horne, has reported that “nationally significant” cyber attacks targeting the UK have doubled in the past six months, raising the alarm for defenders.
The planned “kill web,” due to be operational by 2027, intends to use artificial intelligence and advanced software to connect military assets across the RAF, British Army and Royal Navy. In practice this means sensors on a ship or satellite might detect a threat and that information could instantly enable a response by an F-35, an unmanned drone or an offensive cyber action, shortening sensor-to-shooter timelines and improving lethality and protection.
Beyond digital attacks, the new command will integrate electromagnetic warfare capabilities to disrupt adversary command-and-control, jam enemy communications and degrade hostile sensors and weapon guidance. The MoD referenced Ukraine’s use of technology to rapidly locate and target adversaries as an example of how integrated capabilities can blunt an attacker’s momentum.
Healey said: “The hard-fought lessons from Putin’s illegal war in Ukraine leave us under no illusions that future conflicts will be won through forces that are better connected, better equipped, and innovating faster than their adversaries. We will give our Armed Forces the ability to act at speeds never seen before — connecting ships, aircraft, tanks, and operators so they can share vital information instantly and strike further and faster.”
General Sir James Hockenhull, currently Commander of UK Strategic Command, will oversee the new unit. His existing role spans operations across all three services and includes oversight of current cyber and space capabilities, positioning him to lead the integrated command.
The government’s broader Strategic Defence Review (SDR), announced last year, is expected to detail how strengthened cyber defences will bolster national security and economic stability. Recognising the need for specialist personnel, the MoD has launched a Cyber Direct Entry programme to fast-track recruits into cyber roles and expand the pipeline of digital talent.
Healey emphasized that talent and centralised leadership are key: by attracting top digital experts and creating a nerve centre for cyber capability, the UK aims to harness innovation and properly fund modern defences under the government’s Plan for Change.
Industry voices urge caution and preparedness. Starkey recommends agile, constantly updated cybersecurity arrangements, including regular assessments, threat intelligence sharing, vulnerability management and incident response planning. He also highlights the importance of continuous training so employees remain aware of evolving tactics, techniques and procedures used by attackers.
As the UK moves from rhetoric to action in offensive cyber operations, ensuring robust domestic cyber resilience is essential. The prospect of a major cyber incident now feels more like a question of timing than possibility, making investment in preparedness, workforce and infrastructure more urgent than ever.
Want to learn more about cybersecurity and the cloud from industry leaders? Explore the Cyber Security & Cloud Expo events taking place in Amsterdam, California and London, which bring together experts across digital transformation, IoT, blockchain and AI.