Cyber attack - telecommunications systems

This risk is featured in the full matrix, representing the averages of multiple different scenarios presented together in the ‘cyber attacks on infrastructure’ category.

[Risk matrix figure: Impact (vertical axis, 1 to 5) plotted against Likelihood (horizontal axis, 1 to 5), with a risk indicator marking this risk.]

ID: 11
Risk theme: Cyber

Impact & Likelihood

Impact key
5 Catastrophic
4 Significant
3 Moderate
2 Limited
1 Minor

Likelihood key
5 >25%
4 5-25%
3 1-5%
2 0.2-1%
1 <0.2%

Background

Telecommunications is part of the communications critical national infrastructure (CNI) sector, and comprises fixed-line communications, mobile communications and internet infrastructure. Due to the critical services telecoms networks provide to the UK, they represent a valuable target for cybercriminals; building our security and resilience capabilities is therefore paramount. Communication providers are responsible for assessing risks and taking appropriate measures to ensure the security and resilience of their networks.

The Department for Science, Innovation and Technology (DSIT), as the lead government department, introduced the Telecommunications (Security) Act 2021 and subsequent secondary legislation, which establish a new and robust security framework, underpinning requirements to ensure the sector builds and operates secure networks.

Scenario

A disruptive and sophisticated cyber attack against a major UK telecoms network provider would affect millions of customers. This includes customers on other networks that connect or route through the impacted network, as well as impacting services provided by other CNI sectors. Impacts to broadband, landline and mobile would mean that customers are unable to access the internet or make voice calls. All customers without fixed-line and mobile connections are unable to access the Public Emergency Call Service (999/112), among other critical services. Depending on the nature of the attack, disruption could last for up to 72 hours, but could extend into weeks or months. In extremes, a contingency service could be put in place (potentially within a fortnight).

Key assumptions

The cause and extent of network disruption may not be known immediately and it may be difficult to identify a cyber-telecoms attacker, whether it is a state threat, cybercriminal or hacktivist. Certain state actors have displayed capabilities to attack telecoms networks. Although the UK has not seen an attack at the scale described, it is plausible that under specific circumstances, state actors may demonstrate their intent to disrupt telecoms networks.

Variations

There are numerous variations of this risk in terms of attack vectors, scale, services and sectors impacted, and length of disruptions. The types of cyber threats facing the UK telecoms sector are evolving and diversifying with cyberspace becoming more contested as state and non-state actors seek strategic advantage through advanced technological capabilities. Similar disruptions could also occur from issues other than a cyber attack, such as misconfiguration, accidental disruption and software failures.

Response capability requirements

Telecom operators are required to notify Ofcom of an incident, and consider seeking National Cyber Security Centre (NCSC) and DSIT support to enact a mitigation and response strategy. The overall handling process is underpinned by the Cabinet Office Cyber Incident Management Plan in conjunction with NCSC and DSIT cyber incident processes. The telecoms sector’s National Emergency Alert for Telecoms would likely be activated due to impacts on multiple operators. The focus of government and local partners should be to mitigate impacts on the most vulnerable.

Recovery

Full remediation could take months or even years depending on actual or perceived cyber contamination of equipment. Communications recovery timeframes are unknown for other impacted CNI sectors, but again, millions could be affected.