Why More Countries Now Have Access to Phone-Hacking Tools—And What It Means

The UK National Cyber Security Centre (NCSC) has documented a troubling trend: 100 countries now have access to commercial spyware tools—software that can secretly monitor phones and computers—up from 80 nations just three years ago. The NCSC shared this finding at the CYBERUK conference in Glasgow in 2026.

This 25% jump matters because it shows how quickly surveillance capabilities are spreading to nations that never had them before. Richard Horne, head of the NCSC, underlined another shift: the majority of serious cyberattacks against the UK now come from foreign governments rather than criminal groups acting for profit. That represents a fundamental change in who the real threat is.

How Spyware Tools Are Spreading

Commercial spyware platforms—think of them as off-the-shelf hacking toolkits sold to countries that can afford them—are becoming increasingly common. Tools like NSO Group's Pegasus and Paragon's Graphite exploit vulnerabilities in smartphones and computers that even their manufacturers don't know about (called zero-day exploits). Once these tools existed only in the hands of a few major powers. Now they're available to a much wider range of nations.

Worth flagging: The people being targeted by these tools have shifted. Spyware was once primarily used to monitor journalists, activists, and political dissidents. Now it's also being deployed against bankers and wealthy business people, suggesting that countries are using surveillance for financial gain, not just political control.

This pattern—powerful technology eventually reaching more hands once it's commercialized and sold—is not new. We saw it with signals intelligence equipment in the 1990s and with offensive cyber tools in the 2010s. When a capability becomes a product with a price tag, export controls struggle to contain it.

State Governments Are Now the Main Threat

For years, the biggest cybersecurity concern in the UK was ransomware—criminals encrypting data and demanding payment. Those criminal groups, many based in Russia, are still a serious problem. But the NCSC now flags state-sponsored operations as the primary strategic threat.

According to NCSC data, the UK experiences roughly four nationally significant cyberattacks every week. These aren't random or temporary intrusions; they are what security experts call advanced persistent threats (APTs)—attackers who burrow into networks and stay hidden for months or years, stealing data or waiting to cause damage.

The threat to critical infrastructure—power grids, hospitals, water systems—is described by the NCSC as "enduring and significant." This is not hyperbole: a sustained cyberattack on infrastructure could have immediate, tangible consequences for civilians.

How Countries Are Coordinating a Defense

The UK works with over 15 other countries—from Ukraine to South Korea—to share information about cyberattacks and coordinate responses. This network is increasingly important because now that smaller nations have access to sophisticated hacking tools, they can launch attacks that were once the exclusive domain of major powers.

In February 2026, the UK government announced that it had cut the time needed to respond to and fix cyberattacks by 84%. The government also launched a new cadre of cybersecurity professionals focused on protecting public services. Both moves signal that officials recognize the urgency: as attacks become more frequent and more sophisticated, the ability to detect and contain them quickly is critical.

Why Commercial Spyware Changes the Playing Field

Over the past 20 years, we have watched offensive cyber capabilities gradually spread. In the 2000s, hacking tools required serious technical skill and state backing to build and use. Today, commercial spyware platforms have flipped the equation: they hand advanced capabilities to whoever can pay for them, regardless of technical expertise.

Intelligence officials in the UK have warned for years about China's technological dominance and its potential to control global internet infrastructure. Those concerns became concrete in April 2022 when Citizen Lab (a research organization) discovered that spyware had infected computers on government networks connected to 10 Downing Street—the UK Prime Minister's official residence.

MI5 has also issued warnings to UK lawmakers about Chinese intelligence recruiting officials through social engineering—posing as headhunters or business people, then using blackmail or phishing attempts (emails designed to trick people into revealing passwords) to extract information.

What This Means for Businesses and Organizations

Russian-linked criminal groups remain the most immediate threat to UK businesses through ransomware. But the boundary between state-sponsored cyberattacks and criminal activity is blurring. That makes it harder for companies to figure out who is attacking them and how to respond.

Analysis: The jump from 80 to 100 nations with spyware access in three years shows that proliferation is accelerating faster than export controls can contain it. This suggests that organizations—not just governments—need to build defenses that assume they might face attackers with resources and sophistication once reserved for nation-states.

The UK ranks third globally in exposure to cyber threats, and faces roughly 100 million detected threats each quarter. That reflects both the country's economic importance as a target and growing visibility into sophisticated attack campaigns.

In this author's view, the merging of state-sponsored operations with widely available commercial spyware marks a real inflection point. Enterprises—especially those handling sensitive data or critical services—increasingly need to adopt the same defensive strategies that governments and infrastructure operators have long used. The assumption that "we're not important enough to attract state-level attackers" no longer holds.