The NCSC CEO reported that approximately 75% of the 200+ cyber incidents affecting UK critical national infrastructure over the past year were linked to hostile state actors such as Russia, China, and Iran. The NCSC warns that unpatched legacy systems pose a severe risk, particularly as AI-enabled cyber capabilities are projected to accelerate the exploitation of known vulnerabilities at scale by 2028.