UK organisations are increasingly reporting suspected nation-state cyberattacks and facing heightened ransomware demands, according to a new study by Armis Labs. The research, which surveyed 500 UK IT decision-makers, revealed that 54% have reported an act of cyberwarfare to authorities, a rise from 47% in the previous year. Additionally, a staggering 92% expressed concern over the impact of cyberwarfare on their operations.
The findings underscore a precarious risk environment shaped by geopolitical tensions, the rise of artificial intelligence, and ongoing security vulnerabilities. Armis characterized the shift in cyber risk from an infrequent crisis to a constant operational challenge for many organisations.
Ransomware costs
The report documented a significant increase in the financial burden of ransomware attacks. UK organisations with over 1,000 employees reported an average ransomware payment of £7.71 million, a notable rise from £5.6 million in 2024/25. Alarmingly, 44% of UK respondents indicated that their average ransomware payout now surpasses their annual cybersecurity budgets. This trend reflects a growing concern that ransom payments are overshadowing other critical security expenditures.
Beyond ransom payments, the overall cost of such attacks is exacerbated by recovery expenses and operational disruptions. However, the report did not disclose an average recovery cost for UK organisations, leaving a gap in understanding the full financial impact.
Confidence gap
The study also highlighted a disconnect between self-perceived readiness and actual security measures. While 81% of respondents expressed confidence in their organisations’ ability to detect and respond to coordinated cyberattacks, 39% reported having been attacked previously without adequately securing their environments. Moreover, nearly half, or 48%, acknowledged being impacted by an AI-generated or AI-led attack in the past year.
Nadir Izrael, CTO and co-founder of Armis, noted that the rapid pace of change in cyber threats is challenging traditional defence strategies. “Cyberwarfare is now a constant condition. Attackers are operating at machine speed, while too many organisations are still trying to defend themselves with assumptions and structures built for a very different threat landscape,” he said. “For many organisations, it’s not a matter of if they’ll face a cyberwarfare attack, but when.”
Concerns over cyberwarfare are also disrupting business transformation initiatives. Approximately 46% of respondents indicated that such worries have delayed, stalled, or halted digital transformation projects, with organisations prioritising risk mitigation over innovation.
Further, supply chain decisions are evolving in response to these geopolitical tensions. Three-quarters of UK respondents reported reconsidering their suppliers and increasing cybersecurity investments due to rising threats from nation-states.
Geopolitics plays a significant role in shaping perceptions of risk. About 80% of respondents believe that geopolitical tensions have intensified the threat of cyberwarfare, an increase from 74% noted in 2025.
AI security
AI-driven threats have emerged as a significant concern, with 80% of respondents stating that AI-powered attacks pose a substantial risk to their organisations’ security. Furthermore, 67% believe that many organisations underestimate the resources necessary to defend against such threats. Budget constraints remain a barrier, as 46% indicated their organisations lack the financial resources to invest in AI-powered security solutions, while 45% cited a lack of expertise in implementing and managing these technologies.
The report also suggests that AI is shifting the global cyber power balance. Some 68% of respondents believe that generative AI is enabling smaller nations to emerge as near-peer cyber threats, while 69% agree that the weaponisation of AI will lead to a more persistent feature of cyber conflict in global geopolitics. Furthermore, 72% anticipate that future cyberwarfare will increasingly target institutions representing the free press and independent thought.
Perceived adversaries
In identifying the most pressing cybersecurity risks, UK respondents most frequently cited Russia (62%), China (53%), and North Korea (35%). Marc Jones, regional director for the UK and Ireland at Armis, remarked that these cybersecurity concerns are reshaping daily business decisions. “Cyberwarfare has moved from a distant geopolitical issue to a day-to-day business risk for UK organisations. When businesses are changing suppliers and reallocating budgets in response to geopolitical instability, it signals a shift from growth to a defensive posture,” he stated.
The 2026 Armis Cyberwarfare Report is based on a comprehensive study of over 1,900 global IT decision-makers, with the UK sample consisting of 500 respondents, reflecting a growing urgency for organisations to reassess their cybersecurity strategies in an evolving threat landscape.
See also
AI Agents Uncover Cyberattack Methods Independently, Researchers Warn of Risks
AI-Driven Cyber Attacks Surge, Leaving 29% of Public Sector Breached in 2025 Study
Microsoft Enhances AI Observability to Mitigate Security Risks in GenAI Deployments
Cybersecurity Startups Revolutionize 2026 with AI and Zero Trust Solutions
South Africa Surpasses 40% of Africa’s Cyberattacks as AI Threats Intensify
