Key Takeaways
- Cyberattacks against the UK surged by 1,586% after Russia’s 2022 invasion of Ukraine and have remained at sustained high levels.
- The UK, via its political, military, and cyber support for Kyiv (including training Ukraine’s cyber forces at the NCSC), is seen as a primary target for retaliatory attacks from Moscow-aligned actors.
- The UK was the most frequently targeted NATO member in the study, with nearly two-thirds of observed attacks hitting NATO allies.
- Critical infrastructure like power grids, healthcare, and transport systems was the main focus of attacks (31%), aiming to cause widespread disruption and instability.
Background and Source of the Data
Despite the seemingly staggering nature of the figures, they are indeed grounded in documented research conducted by the Henry Jackson Society, a think tank focused on national security issues in Britain. According to its findings, cyberattacks targeting the United Kingdom’s infrastructure surged dramatically—by as much as 1,586%—following the outbreak of the Russia–Ukraine War in 2022. This provides a crucial baseline for understanding the scale of the escalation linked directly to the geopolitical conflict.
Nature and Trend of the Escalation
The escalation did not remain a one-time spike. Instead, year-on-year data indicates a sustained and significant rise in such attacks. This trend intensified further as the UK increased its political, military, and cyber support to Kyiv in its ongoing conflict against Russia, led by President Vladimir Putin. Britain’s growing involvement appears to have positioned it as a key target in the broader cyber dimension of the war, moving beyond an initial shock to a persistent threat environment.
Attribution to UK’s Strategic Stance
Security analysts largely attribute this surge to the UK’s strategic stance. While not directly engaged in combat, Britain has actively supported Ukraine through defense assistance, intelligence sharing, and cyber capabilities. This involvement has made the UK a focal point for retaliatory cyber operations, particularly from actors aligned with Moscow. As one of the most prominent members of NATO, the UK’s actions carry both symbolic and operational significance, further increasing its exposure to such threats from adversarial states.
NATO-Wide Targeting and UK’s Specific Vulnerability
The study, conducted in collaboration with the CyberPeace Institute, highlights that nearly two-thirds of all observed cyberattacks were directed at NATO member states. Among the eight countries analyzed, the United Kingdom emerged as the most frequently targeted. This underscores not only its geopolitical importance but also its active role in countering Russian aggression in cyberspace, making it a disproportionate focus for hostile cyber activity within the alliance.
Focus on Critical Infrastructure Sectors
A closer look at the sectors affected reveals that critical infrastructure has been a primary focus. Approximately 31% of the attacks were aimed at essential services such as power grids, healthcare systems, and transportation networks. These sectors are particularly vulnerable and impactful, as disruptions can have widespread consequences for public safety and economic stability. Targeting them aims to create maximal societal disruption and pressure on the government’s ability to maintain essential functions.
Targeting of Government and Public Administration
Furthermore, the remaining attacks were directed at public administration and government-related services, further indicating an attempt to destabilize institutional operations. This dual focus—on both the physical lifelines of the nation and the machinery of government—suggests a strategy aimed at undermining national resilience and eroding public confidence in the state’s ability to govern and protect its citizens effectively during a period of heightened tension.
Role of UK’s Cyber Support Initiatives
Between January 2023 and May 2025, researchers observed a broader increase in cyberattacks across European nations. This rise coincided with a key development: the formal training of Ukraine’s cyber forces at the UK’s National Cyber Security Centre (NCSC). This training initiative, while aimed at strengthening Ukraine’s cyber defense capabilities, may have also contributed to heightened cyber tensions in the region by further signaling the UK’s deep commitment to Ukraine’s cyber resilience, provoking a corresponding response from adversaries.
Conclusion: The Evolving Digital Battlefield
In summary, the data reflects a rapidly evolving cyber threat landscape, where geopolitical conflicts increasingly extend into the digital domain. The UK’s prominent role in supporting Ukraine has made it a central target, illustrating how modern warfare is no longer confined to physical battlefields but is equally fought in cyberspace. This necessitates continuous vigilance, adaptation, and investment in national cyber defenses to counter this persistent and evolving threat. The joint research by the Henry Jackson Society and the CyberPeace Institute provides critical evidence of this new reality.