Summary
In June 2025, activists from Palestine Action breached RAF Brize Norton, the UK’s largest Air Force base. Using electric scooters to slip past security, they vandalised two Airbus Voyager aircraft with paint and crowbars, leaving behind a flag and a security headache. Just months earlier, in late 2024, unauthorised drone flights were detected over multiple US-operated RAF bases in Britain, including Lakenheath and Mildenhall. Despite military surveillance and countermeasures, the drone operators were never identified.
These were not isolated events.
In early 2024, a water treatment facility in the Midlands suffered a sudden systems failure when multiple valves were remotely tampered with. Pressure dropped, distribution halted, and supply to over 10,000 homes was disrupted. Shortly before the failure, staff had reported suspicious drone activity near the perimeter fencing, an incident never publicly claimed, but quietly investigated under national infrastructure protocols.
From military installations to civilian utilities, sabotage in the UK is growing bolder, more targeted, and increasingly strategic.
The Hard Numbers Behind the Threat.
- The UK recorded a 68% increase in sabotage-related incidents in 2024 compared to the previous year.
- The NPSA (formerly CPNI) and NCSC tracked over 1,300 incidents targeting infrastructure, manufacturing, energy, water, and logistics.
- Physical breaches rose by 42%, with insider-enabled incidents accounting for nearly 1 in 5.
- The most affected sectors included transport, energy, defence supply chains, and utilities.
This isn’t just cyber. It’s hybrid: physical, digital, and behavioural vulnerabilities exploited in tandem. Many of these threats are quiet probes — designed not to destroy, but to test, monitor, and send signals.
Who’s Behind It? A Mix of State and Non-State Actors
Security agencies have linked many incidents to foreign intelligence gathering and influence operations, particularly from Russia, China, and Iran. These actors increasingly use third parties, activists, proxies, and even commercial drones to conduct low-cost, deniable sabotage.
But threats don’t only come from outside. Insider involvement is on the rise, whether ideological, coerced, or financially motivated.
What the Future Holds
Sabotage is shifting from rare disruption to persistent pressure. As AI-enhanced surveillance and autonomous drones become cheaper, expect more silent intrusions. Critical infrastructure and private industry alike will face the same question: Are you ready to detect and respond before disruption hits? Proactive investment in security, intelligence-sharing, and risk forecasting will define tomorrow’s leaders, not just survivors.
Top Tips for UK Businesses and Industry
- Understand the Threat Landscape
Sabotage is a strategic tactic, not random vandalism. Tailor your risk models to reflect geopolitical, social, and technological realities. - Secure Your Physical Sites
Invest in layered access control, drone detection, perimeter sensors, and rapid response protocols, especially in remote or infrastructure-critical locations. - Monitor for Insider Threats
Implement robust screening, behavioural monitoring, and staff education. Foster a “see something, say something” culture without compromising trust. - Build Resilience, Not Just Defence
Focus on redundancy in systems, fail-safes, and supply chain alternatives. Assume disruptions will happen, and prepare to operate through them. - Collaborate with Authorities and Peers
Work with the NPSA and NCSC, join trusted industry forums, and contribute to shared threat intelligence. Collective awareness builds a stronger defence.
Sabotage is a Message: Are You Listening?
Each intrusion, breach, or silent probe is a signal, not just an attack. Businesses that treat sabotage as a sign of broader instability can move from defence to strategy. The most resilient firms are not just protected; they’re prepared, connected, and adaptive.
Sabotage isn’t always loud. Sometimes it just loosens a valve.
