UK warned of rising hacktivism & cyber extortion by 2026

Hacktivist activity, cyber extortion and a more fragmented cybercrime ecosystem are likely to define the UK's cyber threat landscape in 2026, according to new forecasts from security researchers at Orange Cyberdefense.

The firm expects politically motivated hacking to become more visible and disruptive. It also anticipates that cyber extortion will affect a wider slice of society and that law enforcement pressure on major criminal groups will push activity into a broader range of smaller gangs.

Rising hacktivism

Orange Cyberdefense said it expects hacktivism in 2026 to become more pervasive and more consequential. It describes an emerging trend of "escalatory hacktivism", in which groups align with state-backed narratives and support hybrid warfare.

The researcher said this trend has shifted the focus of some hacktivist groups towards operational technology, including systems used in critical infrastructure. That includes environments that manage industrial processes and services.

Ric Derbyshire, Principal Security Researcher at Orange Cyberdefense, said the intent of such groups is becoming clearer even when claimed impact remains uncertain.

"In 2026, we will see hacktivism continue to become more pervasive and consequential. This expansion is characterised by an emerging trend that we call escalatory hacktivism, where groups align with state‐backed narratives and contribute to their host state's hybrid warfare efforts," said Derbyshire, Principal Security Researcher, Orange Cyberdefense.

Derbyshire said some previous attacks that follow this pattern have varied in impact. Some claimed successes have been exaggerated or fabricated. He said the underlying intent persists and that the technical ability of some groups is increasing.

The company expects a further rise in both the frequency and the severity of attacks on critical infrastructure. It forecasts more pronounced physical effects from some operations.

Defenders in these sectors already face ransomware incidents that start in IT systems. They also face state-driven espionage and prepositioning activity. Orange Cyberdefense said security teams now need to consider a widening mix of hacktivist threats that aim for overt disruption.

Extortion as societal risk

Orange Cyberdefense also expects cyber extortion to remain on an upward trajectory in 2026. It said the threat now extends beyond large enterprises and has become a broader societal issue.

The company's latest Security Navigator report found that the number of cyber extortion victims nearly doubled in a year. It reported an increase of 44.5% in so-called Cy-X victims and expects that trend to continue.

Derbyshire said attackers are adjusting their victim selection and moving towards organisations that may have fewer defences.

"In 2026, cyber extortion will continue to solidify itself as a major societal threat - no longer a concern primarily for businesses alone," said Derbyshire.

He said cybercriminals are increasingly targeting small businesses with limited cybersecurity budgets. They also continue to seek disruption of critical national infrastructure.

Orange Cyberdefense expects a shift in thinking about supply chain risk. It said organisations will move away from a view of supply chains as linear and start to treat them as complex networks of interdependence.

"The reality of our supply chains is that they are a dense web of interdependence, and any small weakness can be the catalyst for a large-scale attack," said Derbyshire.

Derbyshire pointed to emerging rules such as the UK's proposed Cyber Security and Resilience Bill. He said regulatory initiatives will place more emphasis on accountability, incident reporting and third-party risk management. The stated aim is greater resilience across interconnected supply networks.

Fragmented cybercrime

The forecasts also highlight structural change across the cybercrime economy. Orange Cyberdefense said the landscape will continue to fragment as more actors run sizeable operations.

The Security Navigator report found that the number of distinct actors nearly tripled during 2024 and 2025. The firm said earlier years often saw a single dominant group define criminal activity.

Law enforcement action has disrupted several high-profile gangs. Orange Cyberdefense said this has not reduced overall volume. It said takedowns have redistributed criminal work across multiple successor groups and new entrants.

"Far from signalling decline, the takedown of dominant groups has simply resulted in the redistribution of activity among various successors and emerging actors, further expanding the cybercrime landscape," said Derbyshire.

The company expects this fragmentation trend to intensify through 2026. It said defenders will face multiple highly productive groups that specialise in different stages of intrusion, monetisation and support.

Derbyshire said no single organisation can match this dispersed threat on its own.

"As this trend of fragmentation continues, the only way we can rise to the challenge and defend against the threat of multiple highly productive actors is through unprecedented global collaboration. In 2026, I expect we will see an uptick in global initiatives and public-private partnerships, ushering in a new era of knowledge to rival that of cybercrime actors," said Derbyshire.