This article examines how accelerating state-linked cyber activity is reshaping business risk exposure beyond the geopolitical sphere. It explores emerging attack patterns, identity-driven intrusions and the governance implications for organisations operating in a connected global economy.

In today’s digital economy, cyber conflict is no longer confined to defence ministries and intelligence agencies. It runs through supply chains, cloud platforms, payroll systems and customer databases. The latest findings from CrowdStrike show that state-linked cyber activity, particularly associated with China, is accelerating sharply. While headlines often frame this as a geopolitical issue, the deeper story is about business risk on a global scale.

CrowdStrike’s 2025 Global Threat Report outlines a 150% surge in China-nexus cyber espionage activity in 2024. Certain sectors, including financial services, media, manufacturing and industrial engineering, experienced spikes of between 200% and 300%. Seven newly identified China-linked adversary groups were tracked during the year, signalling expansion rather than containment.

For governments, this raises national security questions. For businesses worldwide, it changes the risk equation entirely.

From Espionage to Enterprise Risk

State-aligned actors are no longer targeting only classified systems. They are probing the private sector because that is where valuable data, intellectual property and strategic leverage increasingly reside.

For multinational corporations, that means geopolitical tensions can translate directly into operational exposure. A manufacturer in Birmingham, a fintech firm in London or a logistics provider in Singapore may all find themselves indirectly entangled in state-level digital competition.

The Rise of Identity-Based Attacks

One of the most significant shifts identified by CrowdStrike is the dominance of malware-free intrusions. Approximately 79% of detected attacks relied on compromised credentials rather than traditional malicious software.

This matters because businesses have historically invested heavily in perimeter defences, antivirus software, firewalls and endpoint protection. When attackers log in using valid usernames and passwords, however, they often appear indistinguishable from legitimate employees.

For UK businesses in particular, this is a pressing concern. The UK is one of the world’s most digitised service economies, with heavy reliance on cloud infrastructure, remote work and global connectivity. Identity compromise in such an environment can spread laterally across networks quickly and quietly.

Speed as a Weapon

CrowdStrike’s report also highlights the rapid weaponisation of newly disclosed vulnerabilities. Once a software flaw becomes public, threat actors exploit it with increasing speed, dramatically shrinking the window for patching.

For global enterprises, this compresses response timelines. What was once a manageable IT maintenance task has become a race against automated exploitation. Organisations operating across multiple time zones and regulatory environments face particular complexity in coordinating rapid updates.

Cloud intrusions rose by 26% in the past year, often initiated through compromised accounts. As businesses migrate operations, data storage and software infrastructure to cloud platforms, the attack surface expands correspondingly.

AI and the Industrialisation of Deception

Another accelerating trend is the use of generative AI in social engineering. CrowdStrike reports a 442% increase in voice phishing between the first and second halves of 2024.

For businesses, this means fraud attempts are becoming more convincing and scalable. Deepfake-assisted calls impersonating executives, hyper-personalised phishing emails and AI-driven reconnaissance reduce the margin for human error. In sectors such as finance and professional services, both strong pillars of the UK economy, the reputational and financial stakes are high.

Why the UK Still Sits in the Crosshairs

While the implications are global, the UK occupies a uniquely exposed position. It is:

  • A major financial hub
  • A centre for advanced manufacturing and defence innovation
  • A key NATO member
  • Deeply integrated into transatlantic digital ecosystems

That combination makes British institutions, public and private, strategically relevant. A breach affecting a UK-based company can have ripple effects across Europe and North America. Supply chain interdependence means that even mid-sized firms may serve as gateways to larger strategic targets.

A Permanent Variable

The most sobering conclusion from CrowdStrike’s findings is that cyber conflict has become a permanent feature of the global economic landscape. Data is no longer just an asset; it is leverage. Access is not merely technical; it is strategic.

For British organisations and global enterprises alike, the lesson is clear. Cyber resilience is now inseparable from commercial resilience. Competitive advantage depends not only on innovation and growth, but on the ability to withstand persistent digital pressure.

The 150% surge in China-linked cyber activity is not simply a geopolitical statistic. It is a signal that the boundaries between national security and corporate security have dissolved. In this environment, preparedness is not optional. It is foundational to operating in a connected global economy.

How AJC Can Help

State-linked cyber escalation requires structured oversight, not reactive control changes. Organisations must understand whether their governance frameworks, identity controls and resilience planning reflect this evolving threat environment.

AJC supports organisations in assessing how cyber risk intersects with enterprise risk management. We review identity governance, supply chain exposure, cloud dependency and incident response maturity to ensure that resilience claims are proportionate and defensible.

Our focus is on strengthening governance and assurance rather than technical deployment. We help organisations embed resilience as a strategic capability rather than a compliance response.

In an environment where cyber activity is a permanent variable, governance maturity becomes a competitive advantage.

Contact us on 020 7101 4861 or email us at info@ajollyconsulting.co.uk if you think we can help.


Sources:

China-linked hackers targeting UK infrastructure within days of vulnerabilities being exposed, threat report warns | LBC

CrowdStrike Releases 2025 Global Threat Report: Cyber Threats Reach New Highs
