The head of the UK’s National Cyber Security Centre says Britain is “fortunate” to have avoided a major attack already

A major cyber attack in the UK is a matter of “when, not if” according to the Ciaran Martin, the head of the UK’s National Cyber Security Centre (NCSC).

Speaking to The Guardian, Martin said the UK had been “fortunate” to avoid what’s called a category one (C1) attack. This is an attack that could cripple infrastructure, including the financial services industry.

He also predicted that an attack would most likely come in the next two years:

“I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack.”

In August 2017, insurance broker Lockton said UK firms are ”severely unprepared” for a cyber attack.

Regions that have already suffered from major attacks include the US, France and other parts of Europe. Martin says that total protection is impossible:

“Some attacks will get through. What you need to do [when it happens] is cauterise the damage.”

The WannaCry attack in May 2017, which was blamed on North Korea and disrupted hospitals, was only recorded as a category two (C2) attack.

Since the NCSC was founded in December 2016, it has recorded 34 C2 attacks and 762 C3 attacks, with WannaCry doing the most damage.