UK Government raises impact level of cyberattacks in 2023 National Risk Register


It’s no surprise that the UK Government made cyberattacks a moderate impact threat in the latest National Risk Register. Since the last report was published in 2020, digitalization across each area of UK infrastructure has continued at speed, with the trend not slowing down anytime soon. Due to world events and continued growth of a range of criminal ecosystems, critical infrastructure continues to be a top target priority.

Threats evolved rapidly during the adoption of hybrid working with employers forced to trust their employees with cybersecurity measures outside the safety of an office setting; alarmingly, some companies didn’t have VPNs before the pandemic, so cybersecurity strategy will have accelerated quickly for many. Inevitably, human risk and email security became scrutinized as both inbound and outbound attacks rose. The Cyber Security Breaches Survey for 2023 saw 39% of UK businesses (up from 31% in 2019’s report) being attacked once a week by threat actors, with 83% of these being phishing attempts.

As the 2023 register splits up different cyberattack scenarios from gas infrastructure to UK retail banks to health & social care systems, the more granular approach to attacks is welcome. A one-size-fits-all approach is clearly insufficient, especially when risks vary dramatically between each scenario. It’s now crucial for organizations to continue to evolve their defenses and review their solutions.