Which countries are best-placed to resist state-supported cyber-attacks? A government advisor explains

Source: The Conversation – UK – By Gerald Mako, Research Affiliate, University of Cambridge

In April 2007, the Baltic nation of Estonia woke up to one of the world’s first major cyber-attacks on civil society carried out by a state. A series of massive “distributed denial of service” assaults – floods of fake traffic from networked computers – targeted government websites, banks, media outlets and online services for weeks, slowing or shutting them down.

These cyber-attacks followed Estonia’s decision to relocate a Soviet-era war memorial and war graves from the centre of the capital city, Tallinn, to a military cemetery.

Amplified by false reports in Russian media, this sparked nights of protest and rioting among Russian-speakers in Tallinn – and cyber chaos throughout the country. Though the cyber-attack was never officially sanctioned by the Kremlin, the “faceless perpetrators” were later shown to have Russian connections.

Estonia has since transformed itself, in part through voluntary initiatives such as the Cyber Defence Unit (a network of private-sector IT experts), into a leader in this field. It is home to Nato’s Cyber Defence Centre of Excellence, and ranks fifth in the International Telecommunication Union’s global cybersecurity index – alongside the UK.

But in many ways, Estonia is far ahead of Britain in its cybersecurity planning. A 2025 government review found that nearly one-third of the UK’s public sector IT systems were “critically vulnerable” due to historical underinvestment – with some aspects of the police and NHS at particular risk.

International cyber-attacks on the UK increased by 50% last year. “Nationally significant” incidents rose from 89 to 204 – including, in September 2025, a major ransomware attack on Jaguar Land Rover that halted production for a month, causing losses of around £1.9 billion.

Amid these threats, the UK government recently launched its Cyber Action Plan and held the first ever cross-party international security briefing – co-chaired by the National Cyber Security Centre’s CEO, Richard Horne.

So can this more preemptive approach staunch the flow of cyber-attacks on the UK? In my experience of advising European and Asian governments on cybersecurity matters, the problem is that nothing is ever urgent – until everything is.

Cyber-attacks could shatter public trust

A key worry for British ministers is that an attack on government systems could shatter public trust. Imagine welfare benefits going unpaid, tax returns being ignored and health records frozen amid a major ransomware crisis.

The new plan prioritises central government digital services including tax, benefits, health records and identity verification. Pledging £210 million in additional funding, it promises to address the difficulty of attracting highly paid private-sector engineers, analysts and penetration (“pen”) testers to the public sector. Defence companies, specialist security firms and big tech typically pay 30-50% higher salaries.

While establishing a Government Cyber Unit is welcome, its phased rollout to 2029 feels too leisurely amid the level of threats the UK (and other countries) now face. Groups linked to Russia and China in particular are dramatically increasing the volume and sophistication of cyber-attacks. They combine state resources with criminal ecosystems to exploit the vulnerabilities of years of IT under-investment much faster than most cyber-defences can adapt.

Rapid developments in AI technology are also making the threat more severe – for example, through highly personalised phishing attacks and use of deepfakes. Defenders are struggling to keep up with the scale and constantly changing nature of these threats.

Who leads the way on cyber-defence?

The US is in a league of its own when it comes to cyber-defence. The federal government alone spends an annual US$25 billion (£18 billion) on defending its IT systems, compared with the UK’s £2-2.6 billion.

Australia’s budget – A$6.2 billion (£3.2 billion) – also exceeds the UK’s, despite its much smaller population. It enforces strict rules such as 12-hour critical incident reporting and, most importantly, has prioritised investing in new technologies.

Countries that are ahead of the cybersecurity curve show the same ingredients work: mandatory rapid reporting of incidents, serious investment in AI-powered monitoring, real-time sharing of information between government and private sectors, and strong international partnerships.

What came as a shock to Estonia in 2007 has been hitting European institutions and infrastructure for years now. Since Russia launched its full-scale invasion of Ukraine four years ago, it has woven cyber operations much more closely into its hybrid warfare playbook. In 2022, there were more than 650 documented attacks by pro-Russian groups, of which only 5% targeted Ukraine – the rest focused on Nato and other EU countries.

In contrast, China has tended to prioritise stealthy, long-term espionage, including the UK Ministry of Defence payroll breach in 2024. Iran has focused on aggressive disruption, and North Korea on seizing funds through cyber heists – the most successful of which stole US$1.5 billion in cryptocurrency by hacking into the Bybit crypto exchange.

To keep pace, the UK needs to lean harder into its alliances, including with Nato and the EU. It should insist on compulsory AI-threat training across government and key industries, and show more willingness to expose attackers publicly. A timely but measured response should at least raise the risk (and cost) of the next cyber-attack for its state-sponsored perpetrators.

Gerald Mako does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

ref. Which countries are best-placed to resist state-supported cyber-attacks? A government advisor explains – https://theconversation.com/which-countries-are-best-placed-to-resist-state-supported-cyber-attacks-a-government-advisor-explains-275447