Any kind of intelligence operation (including cyber) has a cost, and therefore it is more likely a path of least resistance is often employed. A cyber intrusion is lower risk and overhead than a physical intrusion, but there are other ways China is able to exercise its significant human resource advantage in ways that take this concept further still. For example, it may make more sense to suggest a UK domiciled citizen of China simply apply for a job of interest, or perhaps simply purchase a company to recover its sensitive information. It’s likely these will all be taken into consideration when security services count their ‘cases’.
There has also been an attempt to alter regulatory controls to allow for a larger lobby over academic research – clearly a soft-touch, patient, nudge towards their strategic objectives and not overtly an illegal attempt to steal intellectual property through unlawful means. By motivating a large resident population in the UK (+ Five Eyes) to act in favour of the CCP, coupled with highly resourced, patient intelligence services, China can operate on an enormous scale to advance its hard and soft power strategy.
Organisations who create or process information of interest to adversaries should be aware of both the risks involved from computer network exploitation, but also through information security practises that look at wider business processes (i.e. Insider threat management, vetting, information segregation, data leakage prevention etc).