The growth of AI will increase the number and sophistication of cyberattacks on Britain, senior minister Pat McFadden said on Wednesday.
British companies, public bodies and institutions have been hit by a wave of cyberattacks in the past few years, costing them tens of millions of pounds and often months of disruption.
Over the last three weeks British retailers Marks & Spencer , the Co-op Group and Harrods have all been hit by attacks, with M&S still unable to take online clothing orders.
The companies have not given any details on the nature of the attacks.
"Today we are declassifying an intelligence assessment that shows AI is going to increase not only the frequency but the intensity of cyberattacks in the coming years," said McFadden, who as cabinet office minister is responsible for UK cyber security.
"Our security systems will only remain secure if they keep pace with what our adversaries are doing," he said.
Speaking at the National Cyber Security Centre's CyberUK 2025 conference, he said that last year the NCSC received almost 2,000 reports of cyberattacks, with almost 90 deemed "significant" and 12 at "the very top end of severity". This was three times the number of severe attacks compared to the year before.
McFadden said the recent cyberattacks on British retailers should serve as a wake-up call for everyone, including government and the public sector, businesses and organisations.
"Cyber security isn't a luxury, it's an absolute necessity."
He said the government will later this year publish a new cyber security strategy, while new legislation, the Cyber Security and Resilience Bill, will grant government new powers to direct regulated organisations to reinforce their cyber defences.
M&S and the Co-op are widely reported to have been the victims of ransomware attacks where criminals infiltrate companies' computer systems, encrypt them and demand payment before allowing them to resume control.
NCSC CEO Richard Horne told the conference he wanted to see a future where paying ransoms is no longer considered an option, where the business model for the attackers no longer works.
#Pahalgam Terrorist Attack
Live Updates| India strikes Pakistan two weeks after terrorist attack
Pakistan a safe haven for terrorists, further attacks on India were planned, says MEA
Watch how Operation Sindoor destroyed Pakistan terror camps
Over the last three weeks British retailers Marks & Spencer , the Co-op Group and Harrods have all been hit by attacks, with M&S still unable to take online clothing orders.
The companies have not given any details on the nature of the attacks.
"Today we are declassifying an intelligence assessment that shows AI is going to increase not only the frequency but the intensity of cyberattacks in the coming years," said McFadden, who as cabinet office minister is responsible for UK cyber security.
"Our security systems will only remain secure if they keep pace with what our adversaries are doing," he said.
Speaking at the National Cyber Security Centre's CyberUK 2025 conference, he said that last year the NCSC received almost 2,000 reports of cyberattacks, with almost 90 deemed "significant" and 12 at "the very top end of severity". This was three times the number of severe attacks compared to the year before.
McFadden said the recent cyberattacks on British retailers should serve as a wake-up call for everyone, including government and the public sector, businesses and organisations.
"Cyber security isn't a luxury, it's an absolute necessity."
He said the government will later this year publish a new cyber security strategy, while new legislation, the Cyber Security and Resilience Bill, will grant government new powers to direct regulated organisations to reinforce their cyber defences.
M&S and the Co-op are widely reported to have been the victims of ransomware attacks where criminals infiltrate companies' computer systems, encrypt them and demand payment before allowing them to resume control.
NCSC CEO Richard Horne told the conference he wanted to see a future where paying ransoms is no longer considered an option, where the business model for the attackers no longer works.
