Over half (54%) of UK companies were hit by nation state attacks last year as IT leaders grew increasingly fearful of AI-powered threats, according to a new report from Armis.
The security vendor’s 2026 Armis Cyberwarfare Report was based on interviews with 1900 global IT decision-makers (ITDMs), including 500 from the UK, alongside proprietary data from Armis Labs.
It revealed an increase in the number of UK ITDMs reporting state-sponsored attacks, up from 47% in last year’s report.
Some 80% said geopolitical tensions have increased the threat of cyber warfare – up from 74% last year – while 92% are concerned about the impact of a full-scale cyber war. Over three-quarters (76%) said they believe state actors could cripple critical infrastructure worldwide.
Read more on cyberwarfare: UK MoD Launches New Cyber Warfare Command.
The interviews for the report were held in November and December 2025. However, a growing number of organizations no longer believe the threat of "mutually assured disruption" is an effective detterent to state actors.
In the wake of mounting Iranian attacks on physical and digital infrastructure, including medtech firm Stryker last week, the report’s findings would no doubt be even more emphatic.
Iran’s Handala group claimed in an online post that it wiped “over 200,000 systems, servers, and mobile devices” and exfiltrated 50TB of the US company’s data.
Fears AI Weaponization Is Fueling Nation‑State Cyber Threats
One of the biggest concerns UK ITDMs have is of the advantage AI may give to nation-state adversaries.
Some 69% agreed that the weaponization of the technology will make cyber conflict a more persistent feature of global geopolitics, and half (48%) admitted their organization was struck by an AI-generated/led attack over the past year.
Yet 45% claimed they lack the expertise to implement and manage AI-powered security solutions, and a similar share (46%) said the same about budget.
Nadir Izrael, CTO at Armis, argued that cyber warfare is a “constant condition.”
“Attackers are operating at machine speed, while too many organizations are still trying to defend themselves with assumptions and structures built for a very different threat landscape,” he added.
“Nation-state capabilities, AI acceleration and unresolved security gaps are converging. For many organizations, it’s not a matter of if they’ll face a cyber warfare attack, but when – and how truly prepared they are to defend themselves and protect their environment when it happens.”
Russia (62%), China (53%) and North Korea (35%) were identified as posing the greatest cybersecurity risk.
Nation states can also impact their geopolitical rivals by harboring cybercriminals that strike targets abroad, as Russia does.
The average ransomware payment at UK firms with 1000+ employees rose from £5.6m ($7.5m) to £7.7m ($10.3m) in a year, with 44% of respondents admitting their average ransomware payout now exceeds their annual cybersecurity budget, Armis said.