Info Gov

The Cabinet Office has added seven new risks to the National Risk Register, including interference in the UK's democratic process and cyber attacks on data infrastructure, water infrastructure and police systems.

In his Annual Resilience Statement on 14 July, Chief Secretary to the Prime Minister Darren Jones told Parliament that the evolution of artificial intelligence demand attention, with the register citing a rapid increase in the sophistication and proliferation of AI as context for the new cyber risk entries. "AI offers new ways for criminals to carry out cyber-attacks against us, as well as offering huge opportunities for our economy and security," Jones said.

The additions to the register comprise: the risk of interference in the UK's democratic process, following the announcement last week of new safeguards including tougher checks on company donations and a cap on overseas donations; cyber attacks on data infrastructure, water infrastructure and police systems; and "digital resilience failure", an entry building on lessons learnt from the CrowdStrike IT outage of July 2024. #

The National Risk Register is the government's assessment of the most significant risks facing the UK and the public-facing version of the classified National Security Risk Assessment. It is a planning tool designed to help professionals prepare for risks rather than a prediction of future events.

A consultation launched today will explore giving regional mayors a formalised, broader role in local resilience alongside existing structures such as Local Resilience Forums, under a review of the Civil Contingencies Act 2004. The government considers the Act broadly fit for purpose, with the consultation fulfilling its duty to carry out regular reviews of the legislation.

A national resilience campaign will launch later this year to encourage the public to take simple steps to improve household resilience to risks including cyber attacks, flooding and severe weather. Building on existing guidance on GOV.UK Prepare, the campaign will bring the UK in line with European peers and include new resources for schools and colleges.

Jones also announced that the Home Defence Programme will deliver the largest UK home defence exercise in decades in 2027. The multi-day exercise, named Operation ALBISTON SHADOW, will test government preparedness for hybrid attacks against the UK, with the precise scenario remaining classified, and will complement NATO's forthcoming CMX27 exercise. Classified government crisis plans known as the "War Books", coordinated by the Cabinet Office, are also being updated for the first time since 2004.

Louise Sandher-Jones MP, Minister for the Armed Forces, said Russia was not only a threat to NATO's eastern flank but a direct threat to the UK homeland, and that the exercises and updated War Books would help prepare the country to meet that threat.

Professor Dame Angela McLean, Government Chief Scientific Adviser, said the science was clear that taking simple, practical steps in advance strengthens collective resilience and helps keep people safe if disruption occurs.

The updated National Risk Register and the Annual Resilience Statement are available via GOV.UK: https://www.gov.uk/government/news/risk-of-democratic-interference-added-to-national-risk-register.

Also in this section

Jul 16, 2026

Scattered Spider pair jailed over TfL hack

Two members of the Scattered Spider hacking collective have each been jailed for five and a half years at Woolwich Crown Court on 16 July over a 2024 cyber attack on Transport for London that compromised the personal data of millions of customers and cost the transport authority £39 million.
Jul 15, 2026

Government introduces mandatory data breach reporting protocol

The Cabinet Office has published a Model Action Plan setting out a single cross-government framework that all departments and arms-length bodies must follow when responding to significant personal data breaches, introducing mandatory central reporting of such incidents for the first time.
Jun 29, 2026

"Five eyes" warn on accelerating cyber security threat from AI

The National Cyber Security has called on organisational leaders to treat cyber resilience as a core business and governance responsibility rather than a technical matter in the light of a report by the Five Eyes intelligence alliance on the "fundamental" impact of AI on the speed and scale of cyber threats.
Jun 15, 2026

Government AI hackathons uncover 407 vulnerabilities across nine departments, including critical remote code execution flaw

A pilot programme using frontier AI models to scan public-sector code repositories has identified 407 security findings across nine government organisations, including a critical vulnerability that could have allowed an external attacker to execute arbitrary code on a key digital service, the Department for Science, Innovation and Technology (DSIT) and the National Cyber Security Centre (NCSC)…

InfoGov Masthead Newsletter 800