UK organisations are reporting more suspected nation-state cyberattacks and paying larger ransomware demands, according to a new study by Armis Labs.
The research, based on a survey of 500 UK IT decision-makers, found that 54% have reported an act of cyberwarfare to the authorities, up from 47% a year earlier. It also found that 92% are concerned about the impact of cyberwarfare on their organisations.
The findings point to a risk environment shaped by geopolitics, artificial intelligence and persistent security weaknesses. Armis described a shift in cyber risk from an occasional crisis to a continuous operating condition for many organisations.
Ransomware costs
The figures show a sharp rise in the financial impact of ransomware. UK organisations with more than 1,000 employees reported an average ransomware payment of £7.71 million, up from £5.6 million in 2024/25.
The survey suggests ransom demands are starting to crowd out other security spending. Some 44% of UK respondents said their average ransomware payout now exceeds their annual cybersecurity budget.
Ransom payments are only one part of the total cost, with recovery spending and operational disruption adding to the financial impact. However, the report did not provide an average UK recovery-cost figure in the material published with the study.
Confidence gap
The results also point to a mismatch between self-assessed readiness and recent experience. Some 81% of UK respondents said they are confident in their organisation’s ability to detect and respond to coordinated cyberattacks.
Yet 39% said their organisation has previously been attacked and still has not adequately secured its environment. The report also found that 48% said their organisation was impacted by an AI-generated or AI-led attack over the past year.
Nadir Izrael, CTO and co-founder of Armis, said the pace of change is testing established approaches to defence.
“Cyberwarfare is now a constant condition. Attackers are operating at machine speed, while too many organisations are still trying to defend themselves with assumptions and structures built for a very different threat landscape. Nation-state capabilities, AI acceleration and unresolved security gaps are converging. For many organisations, it’s not a matter of if they’ll face a cyberwarfare attack, but when – and how truly prepared they are to defend themselves and protect their environment when it happens.”
Project delays
Cyberwarfare concerns are also delaying business change programmes. Some 46% of UK respondents said these concerns have delayed, stalled or stopped digital transformation projects. The study describes this as an interruption to innovation pipelines, as organisations prioritise risk reduction over change initiatives.
Supply chain decisions also appear to be shifting. Three-quarters of UK respondents said they are reconsidering suppliers and increasing cybersecurity investment as a direct result of rising geopolitical tensions.
Geopolitics featured heavily in the responses. Some 80% of UK respondents said geopolitical tensions have increased the threat of cyberwarfare, up from 74% in 2025.
AI security
Respondents also highlighted concern about AI-driven threats and the resources required to manage them. Some 80% of UK respondents said AI-powered attacks pose a significant threat to their organisation’s security, while 67% said most organisations underestimate the resources required to defend against them.
Budgets and skills remain constraints. Some 46% said their organisation lacks the budget and resources to invest in AI-powered security solutions, while 45% said it lacks the expertise to implement and manage them.
The report also suggests AI is changing the global balance of cyber power. Some 68% of UK respondents said generative AI is enabling smaller nations to become near-peer cyber threats, and 69% agreed that the weaponisation of AI will make cyber conflict a more persistent feature of global geopolitics.
Respondents also shared views on likely targets. Some 72% said cyberwarfare will increasingly target institutions representing the free press and independent thinking.
Perceived adversaries
When asked about the greatest cybersecurity risks, UK respondents most commonly identified Russia (62%), China (53%) and North Korea (35%), according to the report.
Marc Jones, regional director for the UK and Ireland at Armis, said cyberwarfare concerns are reshaping day-to-day business decisions.
“Cyberwarfare has moved from a distant geopolitical issue to a day-to-day business risk for UK organisations. When businesses are changing suppliers and reallocating budgets in response to geopolitical instability, it signals a shift from growth to a defensive posture. The organisations that will navigate this successfully are those that move from reactive security to actively understanding, prioritising and reducing their cyber exposure before threats materialise.”
The 2026 Armis Cyberwarfare Report is based on a study of more than 1,900 global IT decision-makers and proprietary data from Armis Labs, with the UK sample accounting for 500 respondents.
