David TaylorThe UK government revealed on 9 April 2026 that Royal Navy forces spent more than a month tracking three Russian submarines operating covertly near critical undersea cables north of the UK. Defence Secretary John Healey confirmed that the vessels — an Akula-class nuclear attack submarine and two specialist spy submarines from Russia's Main Directorate of Deep Sea Research (GUGI) — were surveying the very cables that carry 99 per cent of global internet traffic.
"We see your activity over our cables and our pipelines," Healey told reporters, "and you should know that any attempt to damage them will not be tolerated and will have serious consequences."
What Russia Was Actually Trying to Do
GUGI is not a conventional naval force. According to NATO analysts, it operates a long-running programme designed to map undersea infrastructure during peacetime — and to sabotage it in conflict. The organisation deploys research ships, specialist submarines, remotely operated vehicles, and in some cases divers and explosives.
The two spy submarines that accompanied the decoy attack sub are specifically designed to survey energy pipelines and data cables. Those cables connect the UK to the global internet. In November 2025, similar Russian activity was linked to cable severances in the Baltic Sea between Sweden and Lithuania, and between Germany and Finland. The UK now faces the same threat on its own doorstep.
According to the British Ministry of Defence, the UK has seen a 30 per cent increase in Russian vessels operating near UK waters over the past two years. The joint operation with Norway involved more than 450 flying hours, a Royal Navy frigate covering several thousand nautical miles, and 500 British personnel. The Russian vessels eventually departed after the month-long deterrence operation.
Why This Matters for UK Businesses
Undersea cable sabotage is not just a military concern. When these cables are cut — accidentally or deliberately — the effects ripple through every UK business that depends on cloud services, international communications, payment processing, or remote working.
A major cable disruption could affect:
- Cloud hosting services routed through international data centres
- VoIP and video conferencing platforms relying on transatlantic bandwidth
- Financial transaction systems dependent on low-latency international links
- Customer data backups hosted outside the UK
The 2022 severing of the Svalbard undersea cable left parts of Norway temporarily without internet. A targeted attack on cables near UK shores could be far more disruptive.
IT security specialists are increasingly warning that state-backed threats to physical internet infrastructure require businesses to rethink their resilience strategies — not just their software defences.
What the UK Government Is Doing
The government has authorised the Royal Navy to intercept ships suspected of being part of Russia's "shadow fleet" — tankers carrying oil in violation of international sanctions. Healey has stated that Britain is "ready to take action" against these vessels, signalling a more assertive posture toward Russian maritime activity.
From a cyber perspective, the National Cyber Security Centre (NCSC), part of GCHQ, has already issued guidance to UK businesses about state-backed threats to critical national infrastructure. However, the NCSC's guidance has historically focused on software-based attacks. The revelations about GUGI's undersea mapping operation suggest that physical infrastructure disruption is now a realistic — not just theoretical — risk.
What IT Experts Say Businesses Should Do Now
An IT security consultant can help your business assess its specific exposure to undersea cable disruptions and build a resilience plan. The key areas to review include:
Connectivity redundancy. Does your business have failover routes that use different cable paths? Many UK SMEs rely on a single broadband provider routing through a single cable path without realising it.
Cloud provider geography. Hosting all workloads with a single cloud provider in a single region creates single points of failure. Distributing workloads across providers or regions reduces exposure.
Offline and local backup. Critical data should be backed up locally, not exclusively in the cloud. If international cables are disrupted, cloud access may be degraded or unavailable for hours or days.
Business continuity planning. When did you last test your internet outage response plan? The scenario of a multi-day, wide-area internet disruption is now worth including in continuity drills.
Supply chain review. If your suppliers or customers rely heavily on international connectivity, their disruption becomes your disruption. A qualified IT specialist can map these dependencies.
The Bigger Picture: A New Era of Hybrid Warfare
What the GUGI submarine operation illustrates is that the boundary between cyber warfare and physical warfare has effectively dissolved. Disrupting internet cables is not a digital attack in the traditional sense — it requires submarines, divers, and cutting equipment. Yet its effect is entirely digital: communications fail, payments stall, cloud services go dark.
This hybrid approach makes it harder for businesses to defend against. Firewalls cannot stop a submarine from severing a cable. But smart infrastructure planning, supplier diversification, and business continuity preparation can limit the damage significantly when — not if — such disruption occurs.
UK businesses that have not yet reviewed their resilience posture in light of state-sponsored infrastructure threats are operating in a risk environment that has changed fundamentally since 2022.
YMYL Note
Decisions about cybersecurity infrastructure and business continuity involve significant financial risk. The information in this article is for general awareness only. For a full risk assessment tailored to your business, consult a qualified IT security specialist.
The UK government's official statement on the submarine operation is available directly from gov.uk — UK exposes covert Russian submarine operation.
If you are concerned about your business's digital resilience in light of state-sponsored threats to UK infrastructure, Expert Zoom's IT security specialists can provide independent assessments and practical recommendations. Finding the right expert for your sector and business size has never been more important — and waiting until a disruption occurs is not a strategy.
