A sharp rise in concern about nation-state cyber activity has emerged, with 88% of cyber security and information security leaders in the UK and US warning that state-sponsored attacks now pose a significant business risk, according to IO’s latest State of Information Security Report.

The report shows growing frustration with government action, with a third of organisations saying national efforts are not sufficient.

Chris Newton-Smith, CEO of IO, said: “When it comes to threats facing CNI, there is a significant national effort going into protecting vital assets. However, at the same time, it also carries a stark warning. If an organisation is connected to the right systems, servicing critical infrastructure, or simply handling sensitive data, it could be targeted by nation-state adversaries.

“The fact that 88% of organisations are concerned about this threat is a clear indicator that geopolitically linked cyber risk is now a strategic concern, not just a technical one.”

Data loss and inaccessibility were the top fears highlighted by IO's report, followed by reputational and supply chain risks. The pressure has intensified as 89% of organisations suffered a cyber incident in the past year. Seventy-one percent received fines, with nearly one-third paying more than £250,000.

Most affected businesses are now increasing investment in resilience, according to the data. IO found that 74% of leaders are strengthening defences and almost all concerned organisations are updating response plans, expanding threat intelligence and reinforcing supply chains.

Sam Peters, chief product officer at IO, commented: State-level cyber activity is now a real concern for businesses and resilience, not retaliation, will be the accurate measure of national and corporate defence in 2026. Organisations that understand their exposure, test their defences, and secure their supply chains will be best placed to withstand the next wave of attacks.”

IO’s report involved a sample of 3,001 cyber security and information security managers in the UK and US.



Listen to IO's latest podcast on cyber risk.

See the current issue of CIR Magazine for more on IO's report.