**Which Countries are Best-Placed to Resist State-Supported Cyber-Attacks?**

A government advisor explains how some nations have transformed themselves into leaders in cybersecurity, and what lessons can be learned from their success.

In April 2007, the Baltic nation of Estonia was hit by one of the world's first major cyber-attacks on civil society carried out by a state. A series of massive "distributed denial of service" assaults targeted government websites, banks, media outlets, and online services for weeks, slowing or shutting them down.

These cyber-attacks followed Estonia's decision to relocate a Soviet-era war memorial and war graves from the centre of the capital city, Tallinn, to a military cemetery. Amplified by false reports in Russian media, this sparked nights of protest and rioting among Russian-speakers in Tallinn – and cyber chaos throughout the country.

Though the cyber-attack was never officially sanctioned by the Kremlin, the "faceless perpetrators" were later shown to have Russian connections. Estonia has since transformed itself, in part through voluntary initiatives such as the Cyber Defence Unit (a network of private-sector IT experts), into a leader in this field.

Today, it is home to Nato's Cyber Defence Centre of Excellence, and ranks fifth in the International Telecommunication Union's global cybersecurity index – alongside the UK. But in many ways, Estonia is far ahead of Britain in its cybersecurity planning. A 2025 government review found that nearly one-third of the UK's public sector IT systems were "critically vulnerable" due to historical underinvestment – with some aspects of the police and NHS at particular risk.

**The UK's Cybersecurity Challenge**

International cyber-attacks on the UK increased by 50% last year. "Nationally significant" incidents rose from 89 to 204 – including, in September 2025, a major ransomware attack on Jaguar Land Rover that halted production for a month, causing losses of around £1.9 billion.

Amid these threats, the UK government recently launched its Cyber Action Plan and held the first ever cross-party international security briefing – co-chaired by the National Cyber Security Centre's CEO, Richard Horne. So can this more preemptive approach staunch the flow of cyber-attacks on the UK?

**What Works in Cyber Defence?**

In my experience of advising European and Asian governments on cybersecurity matters, the problem is that nothing is ever urgent – until everything is. A key worry for British ministers is that an attack on government systems could shatter public trust.

Imagine welfare benefits going unpaid, tax returns being ignored, and health records frozen amid a major ransomware crisis. The new plan prioritises central government digital services including tax, benefits, health records, and identity verification. Pledging £210 million in additional funding, it promises to address the difficulty of attracting highly paid private-sector engineers, analysts, and penetration ("pen") testers to the public sector.

While establishing a Government Cyber Unit is welcome, its phased rollout to 2029 feels too leisurely amid the level of threats the UK (and other countries) now face. Groups linked to Russia and China in particular are dramatically increasing the volume and sophistication of cyber-attacks.

**The US: A Leader in Cyber Defence**

The US is in a league of its own when it comes to cyber-defence. The federal government alone spends an annual US$25 billion (£18 billion) on defending its IT systems, compared with the UK's £2-2.6 billion. Australia's budget – A$6.2 billion (£3.2 billion) – also exceeds the UK's, despite its much smaller population.

It enforces strict rules such as 12-hour critical incident reporting and, most importantly, has prioritised investing in new technologies. Countries that are ahead of the cybersecurity curve show that the same ingredients work: mandatory rapid reporting of incidents, serious investment in AI-powered monitoring, real-time sharing of information between government and private sectors, and strong international partnerships.

**Cyber-Attack Evolution**

What came as a shock to Estonia in 2007 has been hitting European institutions and infrastructure for years now. Since Russia launched its full-scale invasion of Ukraine four years ago, it has woven cyber operations much more closely into its hybrid warfare playbook.

In 2022, there were more than 650 documented attacks by pro-Russian groups, of which only 5% targeted Ukraine – the rest focused on Nato and other EU countries. In contrast, China has tended to prioritise stealthy, long-term espionage, including the UK Ministry of Defence payroll breach in 2024.

**Lessons for the UK**

To keep pace with these threats, the UK needs to lean harder into its alliances, including with Nato and the EU. It should insist on compulsory AI-threat training across government and key industries, and show more willingness to expose attackers publicly.

A timely but measured response should at least raise the risk (and cost) of the next cyber-attack for its state-sponsored perpetrators.