Webinar: Cyber Threat and Resilience Intelligence Briefing Series – Defence
State-sponsored hackers are now directly targeting employees in the UK defence supply chain through personalised cyber-espionage, amplifying risks to national security amid escalating geopolitical tensions.
Key takeaways
- •In early 2026, Google reported a surge in state-linked campaigns spoofing defence contractors across Europe including the UK, shifting from broad infrastructure hits to individual employee targeting via hiring processes.
- •The UK defence sector faces mounting pressure from recent high-impact incidents and a 2025 Strategic Defence Review that integrates cyber as a core warfighting domain, with new structures like CyberEM Command set for implementation.
- •Failure to bolster resilience risks supply chain compromises that could delay military capabilities or expose sensitive data, at a time when AI lowers barriers for adversaries and economic damages from similar attacks reached £1.9 billion in one 2025 case.
Escalating Cyber Risks to UK Defence
The UK's defence industrial base confronts a rapidly intensifying cyber threat environment as state actors exploit vulnerabilities in supply chains and personnel. Recent intelligence highlights how adversaries, including those linked to Russia and China, have expanded targeting to include spoofed websites of hundreds of defence firms and direct approaches to employees during recruitment. This evolution makes espionage more accessible and harder to detect, particularly as AI tools reduce the expertise needed to mount sophisticated operations.
Geopolitical pressures drive this focus: the 2025 Strategic Defence Review positioned cyber alongside traditional domains, establishing a CyberEM Command for integrated offensive and defensive operations while accelerating digital targeting capabilities by 2027. Concurrently, the government advanced a Cyber Action Plan with £210 million funding and proposed a Cyber Security and Resilience Bill to expand oversight of critical sectors. These moves respond to persistent incidents, including breaches at Ministry of Defence contractors that exposed sensitive military site data.
The stakes extend beyond immediate data loss. Compromised defence suppliers can disrupt production timelines for weapons systems, erode technological edges, and impose substantial economic costs—exemplified by a 2025 attack on a major manufacturer causing £1.9 billion in UK-wide damages. Smaller firms in the supply chain remain particularly vulnerable, often lacking resources to counter advanced persistent threats, creating cascading risks for larger primes and national capabilities.
Tensions arise between rapid innovation and security: the push for digital transformation and AI integration in defence systems introduces new attack surfaces, while reliance on global supply chains exposes dependencies that adversaries can exploit. Balancing collaboration with international partners against the need for sovereign resilience adds complexity, as does the skills shortage in cyber expertise across government and industry.
Sources
- https://www.adsgroup.org.uk/events/webinar-cyber-threat-and-resilience-intelligence-briefing-series-defence2/
- https://www.theguardian.com/world/2026/feb/10/state-sponsored-hackers-targeting-defence-sector-employees-google-says
- https://uk.leonardo.com/en/news-and-stories-detail/-/detail/ai-augmented-threats-implications-for-uk-cyber-resilience
- https://www.gov.uk/government/publications/the-strategic-defence-review-2025-making-britain-safer-secure-at-home-strong-abroad
- https://www.gov.uk/government/publications/government-cyber-action-plan/government-cyber-action-plan
- https://www.adsadvance.co.uk/cyber-and-resilience-trends-in-2026.html
- https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
You might also like
- Feb 23Fully Funded Cyber Support for Care Providers: What’s available and how to access it
- Mar 6Digital4Security Taster Workshops - Workshop 6: Critical Infrastructure Cybersecurity and Resilience: A Socio-technical Perspective
- Mar 17Webinar: Cyber Threat and Resilience Intelligence Briefing Series – National Security
- Mar 25Future Proofing Your Business: The Race to Security
- Apr 16Building Effective Security Operations for Converged OT and IT in Critical Infrastructure