Britain has become a prime target for cyber interference and subversive activity by both state-backed and independent actors, as Moscow recalibrates its digital offensive strategy and criminal syndicates expand their reach into financial services.
Senior officials have confirmed that UK infrastructure and businesses are increasingly in the crosshairs of Russian-linked cyber activity - part of a broader campaign to sow disruption while skirting direct provocation of the United States.
“We are seeing a concerted pivot. Russia views Britain as a softer, more permissible environment for cyber operations - particularly given the geopolitical calculus around Washington,” one government source told The Times. “There has been a clear uptick in hybrid threats, especially since the start of this year.”
These so-called hybrid threats include cyber intrusions, physical sabotage, and digital disinformation, often carried out through proxies or loosely affiliated criminal networks. In one high-profile incident, three British men were convicted last week of firebombing an aid storage facility in east London - an act the court linked to the Wagner Group, Russia’s notorious paramilitary outfit.
The UK’s intelligence services have long regarded Russian cyber aggression as a persistent threat. MI5 chief Sir Ken McCallum warned late last year that Kremlin operatives aim to incite “sustained mayhem” across Europe, with Britain singled out as a frontline target.
That forecast appears to be coming true. The Ministry of Defence disclosed that more than 90,000 hostile cyber actions were repelled over a two-year span, many traced to Russian-origin malware disseminated through intermediaries.
One Whitehall insider painted a blunt picture: “Russia creates the tools, hands them off to skilled young hackers, and lets them loose. It’s indirect, but hardly deniable.”
Beyond state-led operations, the UK’s insurers are now contending with a different adversary: Scattered Spider, a well-documented cybercriminal group known for infiltrating high-value targets through social engineering. Having previously targeted US casinos and major retailers - including a debilitating breach at Marks & Spencer - the group is now believed to be probing insurers and financial institutions.
Google’s threat analysis division recently attributed multiple US-based insurance outages to this group’s tactics. “The insurance sector is entering the firing line,” warned John Hultquist, Google’s chief cyber analyst. “We expect social engineering against help desks and decentralised IT systems to escalate rapidly.”
Recent attacks on Philadelphia Insurance and Erie Insurance have drawn sharp attention from regulators and reinsurers alike. Philadelphia, part of the Tokio Marine group, was forced to suspend large sections of its operations, while Erie is facing class action litigation over allegations of poor cyber defences.
Underwriters in London are watching closely. The potential for aggregation risk across cyber portfolios - where one event triggers cascading claims across many policyholders - is now regarded as a key systemic concern.
For insurance professionals, the rise in cyber incidents signals a dual challenge: defending their own operations while adapting underwriting strategies for clients.
David Warr, cyber portfolio manager at QBE, said the firm had long anticipated the current climate. “We warned last year that state-sponsored cyber actors were increasingly likely to target critical infrastructure beyond the battlefield, particularly in sectors like energy,” he said.
“Spillover effects are real. One need only look at the 2022 ransomware attacks on European oil terminals weeks before Russia’s full-scale invasion of Ukraine. Strategic disruption is now part of the playbook.”
QBE’s April research shows that 85% of UK firms believe cyberattacks have risen over the past year, with more than half reporting at least one incident. Perhaps most significantly, 56% of those affected identified a supplier as the origin of the breach.
“Supply chains are now the front line,” Warr said. “We’re more connected than ever. That connectivity comes with risk.”
Insurers are also contending with the financial implications of large-scale claims. The M&S breach, linked to Scattered Spider, is expected to result in a cyber insurance payout of over £100 million. Allianz, the lead insurer, may be liable for an initial £10 million, with layers of coverage involving Beazley and others absorbing the remainder. Broker WTW arranged the policy.
Market analysts say this case may prompt a hardening of premiums and stricter underwriting, particularly for clients without robust digital resilience strategies.
The UK government has acknowledged the scale of the challenge. Its National Security Strategy emphasises the growing likelihood of hostile states positioning themselves to undermine Britain’s infrastructure during times of crisis.
“Some adversaries are preparing to act swiftly, disrupting supply chains and energy networks when tensions rise,” the report noted. “For the first time in decades, we must prepare for the homeland to face direct threats.”
The National Cyber Security Centre’s chief, Richard Horne, added that a widening gap exists between the scale of the cyber threat and current defensive capabilities.
“Businesses, supply chains, and critical sectors all need to improve their resilience,” he said.
Public engagement is also vital. Matthew Savill, military sciences director at the Royal United Services Institute, said: “Raising public awareness is critical. If the state wants to build resilience, it must explain the risks plainly.”
The message to the UK insurance sector is equally clear: Cyber risk is no longer a niche coverage line - it is now central to the industry’s own operational and underwriting viability.