“I think the worst-case scenario is probably something affecting financial services or energy provision, because of the potential cascading effects of either of those two”, says RUSI analyst Jamie MacColl.
“The good news is the financial sector is by far the most heavily-regulated sector in the UK for cyber security. And I think it’s quite telling, there’s rarely been a very impactful cyber attack on a Western bank.”
The outlook, were there an attack on the energy sector, is not clear.
A 2015 study by Lloyds Bank, entitled “Business Blackout”, modelled the impact of a hypothetical attack on the US power grid, concluding that economic losses could exceed $1 trillion (£742bn). However Mr MacColl believes that in the UK, there is probably enough spare capacity in the grid to deal with a cyber incident.
More concerningly, Mr MacColl thinks the UK has had “quite a laissez-faire approach to cyber security over the past 15 years”, with the issue given little priority by successive governments.
He believes that this year’s major attacks may be the “cumulative effect of a kind of inaction on cyber security, both from the government and from businesses, and it’s sort of really starting to bite now”.
That inaction, he says, needs to change, with both regulators and large businesses taking more responsibility.