DataCentreNews UK - Specialist news for cloud & data centre decision-makers
UK cyber plan tackles state threats & ransomware

Thu, 15th Jan 2026

Cybersecurity experts warn that organisations face a more volatile threat landscape in 2026, as geopolitical tensions drive state-linked attacks and enterprises revisit older storage technologies in response to ransomware.

UK lawmakers have introduced the Government Cyber Action Plan, which sets out measures that aim to strengthen cyber defences across vital public services. Security specialists say the move reflects a broader shift in both the nature of cyber threats and the types of defensive tools that enterprises now consider.

Vendors and analysts expect cyber warfare, critical infrastructure risk and long-tail ransomware recovery to dominate board agendas through 2026.

Geopolitics shift

Security leaders describe a growing overlap between traditional cyber crime and state-aligned campaigns. They say this blurs the line between criminal extortion and geopolitical disruption and raises the likelihood that organisations become unintended victims.

"The introduction of the Government Cyber Action Plan is an acknowledgement that as geopolitical tensions heighten, elevated levels of cybersecurity vigilance are required from every organisation, especially those involved in the delivery of key public services. For example, geopolitics has long been a driver of DDoS attack activity, but threat actors are targeting more intelligently, moving on from targeting government websites directly to hitting supporting service enablers and digital supply chains.

"A big change we have seen in 2025 is the immediacy of the relationship between real-world tensions and cyber activity. Attacks are now launched to coincide with individual political speeches or specific military operations. Private and public sector organisations can easily become collateral damage in geopolitically motivated attack campaigns.

"More sophisticated attack tools and the emergence of next-generation 'DDoS-as-a-Service' capabilities have removed barriers to entry to sophisticated attack capabilities, giving threat actors the ability to easily orchestrate complex campaigns. For defenders, this makes real-time intelligence and adaptive defences more critical than ever," said Darren Anstee, Chief Technology Officer for Security, NETSCOUT.

Enterprises that run critical national infrastructure and essential services face heightened scrutiny from regulators. They also face growing exposure to spill-over attacks that target suppliers and online intermediaries rather than government assets directly.

DDoS evolution

Security professionals report an increase in distributed denial-of-service activity linked to political flashpoints and regional conflicts. Adversaries now combine higher volumes of traffic with more complex techniques that aim to exhaust both network capacity and security controls.

Specialists say that so-called DDoS-as-a-service offerings on criminal marketplaces give less skilled actors access to attack tools and rentable botnets. These services automate aspects of reconnaissance and attack orchestration. They also reduce the cost and expertise required to launch disruptive campaigns.

Defenders respond by investing in real-time telemetry and automated mitigation tools that adjust to changing attack patterns. They also seek better visibility across their own environments and their external service providers.

Supply chain risk

The growing focus on digital supply chains reflects a pattern in which attackers bypass primary targets. They do this by compromising upstream or downstream entities such as managed service providers, hosting platforms or specialist software vendors.

Security teams now assess risk beyond their own networks. They review contractual obligations on security controls. They also push for clearer incident reporting and joint response planning with partners.

Industry observers say this trend places additional weight on the Government Cyber Action Plan and similar frameworks. These initiatives encourage baseline security practices and information sharing across public and private sectors.

Ransomware response

While geopolitical campaigns draw attention, ransomware remains a persistent threat to enterprises of all sizes. Breaches that destroy or encrypt backups are prompting some organisations to re-evaluate their storage strategies and recovery processes.

"Companies are realising they can't do ransomware with a point product. There is no magic wand or silver bullet to deploy against a threat that can come from anywhere. IT teams and their organisations will need a deep defence, including building layers of security and using different protocols, processes, platforms and tech, and this means relying on tape," said Andrew Dodd, HPE Storage Worldwide Marketing Communications Manager, the LTO Programme.

Security architects now talk about layered defence models that combine network controls, endpoint protection, identity security and data resilience measures. They separate data storage decisions from threat detection tooling. They also revisit offline or air-gapped backup methods that reduce the risk of simultaneous compromise.

Return of tape

Tape storage features in many of these discussions. Technology teams argue that offline, removable media reduces the attack surface during a ransomware incident because it is not continuously accessible over the network.

Organisations in regulated sectors, such as financial services and healthcare, have used tape for long-term archiving. Some of these enterprises now extend its role into cyber recovery plans. They implement tiered backup architectures with a mix of disk, cloud and tape. They also test restore procedures from each tier.

Vendors in the Linear Tape-Open ecosystem report increased interest from customers that experienced ransomware incidents. They say these customers often reassess the balance between rapid restore times and isolation from online threats.

Resilience focus

The combination of state-linked attacks, commodity criminal tools and long dwell times inside networks pushes organisations to treat cyber incidents as an operational risk rather than only an IT issue. Boards ask for clearer metrics on recovery times and data loss. They also demand evidence of scenario planning that includes both disruptive DDoS events and destructive malware.

Security consultants expect this year to bring more regulatory attention on incident reporting and resilience testing. They say this will affect not only critical infrastructure operators but also suppliers that connect to those environments.

"More sophisticated attack tools and the emergence of next-generation 'DDoS-as-a-Service' capabilities have removed barriers to entry to sophisticated attack capabilities, giving threat actors the ability to easily orchestrate complex campaigns. For defenders, this makes real-time intelligence and adaptive defences more critical than ever," said Anstee.