The authorities have issued a cautionary note indicating that a severe digital assault on UK’s crucial infrastructure has a probability of 5–25% of occurring within the next couple of years.

The results stem from the recently published National Risk Register 2023 report. The report, in turn, is based on the government’s internal, confidential National Security Risk Assessment. It contemplates malevolent risks such as terroristic acts and digital offenses, along with non-malicious threats like significant weather events.

The report enumerates several digital-related hazards, including offenses on:

• Infrastructure of the gas industry
• Electricity system infrastructure
• Civilian nuclear facilities
• Fuel supply network
• Government agencies
• Health and social welfare systems
• Transportation sector
• Telecommunication networks
• Financial infrastructure of the UK (by state-level actors)
• A retail bank in the UK (by state-level actors)

In most instances, the anticipated offenses comprise “encryption, theft, or obliteration of crucial system-dependent data, or disruption to operational systems”. However, in the context of government-targeted offenses, there’s an additional threat of public trust erosion and/or election manipulation.

The analysis rates the likelihood of such offenses taking place in the ensuing two years as a “4” on a scale of 1–5, with 5 signifying the highest likelihood (>25%).

Even though technically this indicates that they are “highly unlikely”, and the aftermath is considered “moderate”, this still corresponds to an economic toll amounting to billions of pounds (rather than tens of billions), fatalities that could reach up to 1000 individuals, and injuries potentially affecting up to 2000 people.

The report also underscored artificial intelligence (AI) as a “chronic threat”. That is to say, it represents “continuous challenges that erode our economy, society, lifestyle, and/or national security.”

As per a World Economic Forum report published earlier this year, 86% of corporate leaders and 93% of digital security heads perceive that international geopolitical instability is “moderately” or “very likely” to precipitate a catastrophic digital event in the ensuing two years.