Retail hacks serve as wake-up call
In recent weeks the, Marks & Spencer, Co-op, and Harrods hacks have disrupted payments, deliveries, and day-to-day operations; the UK government has issued a blunt warning: cyberattacks aren’t going away, and artificial intelligence is about to make things worse. Speaking at the CyberUK 2025 conference in Manchester, Cabinet Office Minister Pat McFadden referenced a newly declassified intelligence report from the National Cyber Security Centre (NCSC). It outlines how AI will “almost certainly” increase both the frequency and intensity of cyber threats between now and 2027.
“Cyber attacks and cyber hacking are likely to be permanent features of this new global order.”
UK Cabinet Office Minister Pat McFadden
“Cyber attacks and cyber hacking are likely to be permanent features of this new global order – there is no point in pretending otherwise,” McFadden said. But he added, “The opportunities are also huge, and I believe that this country… will be at the vanguard of cyberspace and cybersecurity for decades to come.”
(EDITORIAL NOTE: The UK’s wartime legacy at Bletchley Park reminds us that strategic tech leadership has long been a British strength and could be again.)
AI: A Double-Edged Sword
The NCSC report states that AI is already enhancing cyber intrusion techniques, from malware generation to exploit development and it warns that its rapid proliferation could lower the barrier of entry for both rogue states and criminal gangs.
By 2027, AI will likely enable more efficient reconnaissance, vulnerability scanning, and evasion tactics, all while making it easier to exploit unpatched systems. State-backed attackers and cybercriminals are expected to use AI to amplify social engineering, create more sophisticated malware, and even deliver “cyber tools as a service” for less skilled actors.
McFadden warned: “Our security systems will only remain secure if they keep pace with what our adversaries are doing.”
A Growing Divide Between Secure and Vulnerable
As AI capabilities surge, the NCSC foresees a digital divide emerging between those systems that can keep up with AI threats and those that fall behind. This divide will likely place critical national infrastructure (CNI) at greater risk.
The report notes that “AI-assisted vulnerability research and exploit development” will be a key area of concern. As AI reduces the time from vulnerability disclosure to exploitation, system owners face an accelerating race to patch flaws.
And it’s not just the threats. McFadden emphasized that if interconnectedness requires stronger defenses, then the UK has a competitive edge: “We’re already the third-largest exporter of these products and services in the world.”
State Actors, AI Mercenaries, and the New Norm
The intelligence report makes it clear: state-linked actors will exploit AI to a greater extent. North Korean operatives are believed to have stolen over $1.3 billion in cryptocurrency using advanced tactics, and McFadden referred to them as “the world’s leading bank robbers.”
Russia’s cyber operations, often overlapping with disinformation campaigns, are another focus. The UK has pledged £8 million to Ukraine’s cyber defense and £1 million to Moldova to protect their democratic institutions from Kremlin interference.
McFadden added: “Defence today is not just about troops and missiles. It’s also about this cyber realm, too.”
Bolstering National Defences: Laws and Labs
To counter these threats, the UK is pushing new initiatives, including the Cyber Security and Resilience Bill, which will give the Technology Secretary powers to direct regulated organizations to strengthen their cyber posture.
He also highlighted LASR – the Laboratory for AI Security Research – designed to drive research into securing AI systems. McFadden announced a new partnership between LASR and Cisco, which will fund challenges, build demonstrators, and “showcase how our scientists and entrepreneurs can work together to manage the risks.”
Technological (Cyber) Insurance and Economic Opportunity
In what he called a “new kind of technological insurance,” McFadden outlined how cyber protection services could become a major British export. Drawing a parallel to Lloyd’s of London, insuring global shipping routes, he argued that cybersecurity could become a pillar of safe economic growth.
“There is enormous potential for cyber security to be a driving force in our economy,” he said. The UK cyber sector already includes over 2,000 businesses, 67,000 jobs, and revenues exceeding £13 billion. The new Golden Valley development near GCHQ, expected to create 12,000 jobs, further underscores that ambition.
Conclusion: Prepare for Permanence
The report and speech strike a familiar tone: prepare now, or pay later. As McFadden warned: “It’s not routine… Cybersecurity is not a luxury – it’s an absolute necessity.”
Regardless of how the Harrods or Marks & Spencer attacks began AI-driven threats are accelerating—those who fail to adapt risk being left behind. However, for the UK government, that also means opportunity. The new world may be more dangerous, but the UK intends to lead it.
Other News: UK Cyber Insurance Industry Unites to Combat Ransom Payments(Opens in a new browser tab)
