Public Sector Cybersecurity in 2026: A Perfect Storm of Geopolitics, AI, and Legacy Risk

In 2026, the UK public sector finds itself operating in one of the most unstable cyber threat environments in modern history. Threat actors, from organised cybercriminals to state‑aligned groups, are exploiting geopolitical tension, accelerating AI‑powered attacks, and taking advantage of long‑standing structural weaknesses across government, local authorities, policing, healthcare, and essential services.

As Shaun Conway, Director of Business Development at D2NA, explains:

“The public sector has always been a high‑value target, but 2026 feels different. The threat landscape is moving faster than many organisations can adapt and global conflicts are adding fuel to the fire.”

Below, we explore the key risks shaping public‑sector cyber resilience this year, drawing on global intelligence, sector‑specific insights, and real‑world incidents to illustrate why the UK must stay especially vigilant.

Geopolitical Conflict Is Expanding the Attack Surface

Ukraine: A continuing catalyst for hybrid warfare

Russia’s war on Ukraine remains one of the defining influences on the global cyber climate. Missile strikes in early 2026 reached their highest intensity since the conflict began, and unfortunately there is little sign of a resolution in the near future.

Cyber warfare surrounding the Russia‑Ukraine conflict continues to spill over into Europe. UK government, academia, and research sectors remain prime targets for Russian‑aligned espionage and disruption operations, a trend already visible in Microsoft’s global threat analyses from 2025, where Russia was named among the most active nation‑state adversaries targeting the UK public sector.

Shaun comments: “Russia’s cyber apparatus is strategic and persistent. Even when the UK is not the primary battleground, our role as an ally means public‑sector bodies are continually on the radar.”

Iran: A rapidly escalating threat in 2026

The conflict involving Iran in early 2026 has had an immediate and significant impact on cyber activity worldwide. Coordinated US-Israel strikes in February 2026 triggered retaliatory missile and cyber operations, as well as a surge in Iranian‑linked hacktivist activity across social platforms and global infrastructure.

By March, Iranian cyber groups had already reactivated dormant personas, launched large‑scale DDoS and hack‑and‑leak campaigns, and targeted governments across the Middle East, Europe, and North America. Groups have even claimed access to industrial control systems and government platforms across multiple regions.

These developments are critical for UK public‑sector leaders to understand. As Shaun notes:

“When conflicts flare around the globe, cyber ripple effects do not respect borders. UK councils, police forces, and healthcare providers become soft‑target opportunities for ideologically motivated or opportunistic spillover attacks.”

AI‑Driven Attacks Are Becoming Faster, Cheaper, and Harder to Detect

Public‑sector organisations are being hit by increasingly automated, AI‑enhanced tactics that blend social engineering with technical exploitation. According to global research by PwC, 2026 marks a structural shift in cyber operations: identity‑based attacks, generative‑AI deception, deepfake impersonation, and automated intrusion pipelines are now mainstream.

Endpoint compromise, credential theft, and identity spoofing are becoming attackers’ preferred points of entry, aligning with last year’s evidence that adversaries increasingly “log in rather than break in” using legitimate credentials.

Shaun highlights the implications for UK public bodies:

“We are now dealing with AI‑paced attacks that operate at machine speed. Deepfakes, synthetic voice spoofing, and automated penetration agents have transformed the threat. Public‑sector teams must assume identity can be faked and behaviour can be manipulated.”

The increased adoption of AI across government services, from case‑management systems to predictive analytics in policing, also introduces new systemic risks. Palo Alto Networks’ public‑sector outlook for 2026 warns that AI systems can act autonomously, making identity governance and machine‑identity management critical priorities.

Legacy Infrastructure and Resource Pressures Remain a Critical Weakness

The UK public sector continues to rely heavily on outdated systems, fragmented estates, and constrained IT budgets, conditions that attackers intentionally exploit. Microsoft’s 2025 threat data showed that legacy technology and limited internal IT capacity place government and public services among the most frequently targeted sectors worldwide.

These challenges persist in 2026. The speed of modern cyberattacks far outpaces the detection and response capabilities of many older public‑sector environments, especially where services are heavily digitised, but monitoring is under‑resourced.

Shaun sees this reality every day in D2NA’s work with councils and police forces:

“Legacy estates and budget constraints do not just slow down innovation; they create real security gaps. When systems cannot be patched quickly or monitored effectively, attackers exploit them with alarming ease.”

Supply Chain Fragility and Third‑Party Risk Are Growing Exponentially

Public‑sector delivery models depend on an interconnected network of managed service providers, cloud platforms, software vendors, payment systems, and citizen‑facing services. This creates an expanding attack surface beyond the organisation’s direct control.

Sector research shows that supply‑chain exposures remain one of the most dangerous and least visible risks. Software‑provider breaches, MSP intrusions, and cloud misconfigurations can cascade across multiple authorities at once, triggering widespread service disruption.

The risk is even higher during geopolitical crises, where globally distributed suppliers may themselves be impacted by data‑centre resilience challenges or targeted attacks. For example, IDC warned that the Middle East conflict is already affecting cloud and data‑centre stability, sovereign‑infrastructure planning, and cybersecurity readiness across the region, with potential knock‑on effects for global supply chains.

Public Trust Is Increasingly at Stake

Cyber incidents in public services are uniquely impactful: they disrupt essential functions, erode citizen trust, and expose sensitive personal data. Real‑world attacks in recent years, including major ransomware events affecting well‑known organisations (for example M&S, Co-op, Legal Aid), showcase this.

With 78% of public‑sector breaches linked to social engineering, system intrusion, or human error, and 71% driven by financial motive, the importance of strong identity protection, workforce cyber awareness, and Zero Trust principles has never been clearer.

Shaun summarises the public‑trust challenge:

“Citizens rely on public services to function, from policing and social care to waste management and housing. When cyber incidents take these systems offline, the impact is immediate, visible, and deeply damaging to public confidence.”

What Public‑Sector Leaders Must Prioritise in 2026

Drawing on these global and sector‑specific insights, several clear priorities emerge:

Modernise the security foundation

Cloud migration, Zero Trust architecture, aggressive patching, and segmentation remain essential.

Secure AI systems and identity at scale

Protect machine identities, validate authenticity, and govern AI models against data poisoning and misuse.

Strengthen supply‑chain scrutiny

Mandate secure‑by‑design vendor requirements and continuous monitoring of third‑party risk.

Build cyber‑aware workforces

Training, phishing simulations, and incident rehearsals can materially reduce human‑layer vulnerabilities.

Prepare for geopolitical spillover

Maintain heightened vigilance, especially for DDoS, ransomware, credential attacks, and hack‑and‑leak operations linked to the Iran conflict.

Shaun’s final advice:

“Public‑sector leaders should not wait for the next geopolitical flashpoint or ransomware headline. The risks are already here, but with the right strategy, the right tooling, and the right partners, it is possible to build resilience.”

How D2NA can help…

“At D2NA we have developed our framework, CyberAscend, which is our roadmap for any organisation to understand their current security posture, and the clear steps that need to be taken to improve it.”

To find out more, contact the D2NA team today to start your journey.

We also have tailored CyberAscend journeys for Fire & Rescue, Government and Police and other public sector entities.