News and Analysis

Network Rail is fighting off millions of cyber attacks every month, according to new research, as experts warn of a rising tide of threats facing public services. Freedom of information (FoI) requests show the organization blocked over 7.1 million malicious emails between December 2025 and March this year. Of the 7,129,314 email attacks blocked by Network Rail, 331,352 were phishing emails, 1,412 were malware-laden emails, 2,066,392 were spam emails, and 4,730,158 were edge blocked emails. This all adds up to an average of more than 800,000 attacks per day, including around 37,000 phishing attempts.“With so many people in the UK depending on public transport for their daily lives, a successful cyber attack could cause significant disruption, such as potentially stopping people from getting to work,” warned Simon Edwards, CEO of SE Labs. “Therefore, it’s vital that our public sector organizations have a dedicated cyber strategy put in place and ensure rigorous testing to identify any security holes and keep hackers at bay.”Just last week, two members of the hacking group known as Scattered Spider pleaded guilty over their involvement in an attack on Transport for London (TfL) systems. The attack forced all 28,000 employees to attend a TfL office for a password reset and led to a reported £29 million in losses and recovery costs.”As we’ve seen from the recent Scattered Spider convictions, hacking groups have the transport network firmly in their sights. A single successful cyber attack on the rail network could drive Britain to a halt, operationally and economically,” said Graeme Stewart, head of public sector at Check Point. “The transport network is also a treasure trove of personal and financial data, something unscrupulous criminals are eager to get their hands on. That’s why it’s vital that our roads, rail and aviation systems are fully protected with the latest cyber defenses to keep hackers locked out.”What happened with the Network Rail cyber attack?In 2024, Network Rail suffered a cyber attack on its WiFi systems that saw commuters who logged in at affected stations receive information pertaining to terrorist attacks in Europe, as well as a message stating “we love you Europe”. The attack is believed to have taken place through a third-party service provider, Telent, which managed Network Rail’s WiFi services.More recently, train operator LNER said a cyber attack had led to unauthorized access to files managed by an unnamed third-party supplier.Travel networks, particularly rail services, are among the top targets for cyber criminals and state-sponsored groups due to the critical role they play in the British economy, according to research conducted last year. The UK’s Department for Science, Innovation and Technology (DSIT) released a report from KPMG that concluded a major attack on the rail network could cost £1.8 billion for a one-week period of disruption.The direct financial cost to Network Rail would, it concluded, cost around £123 million, with the cost to passengers due to delays adding up to about £281.3 million. Notably, the impact on Gross Value Added (GVA) could be as much as £1.397 billion, representing approximately 2.8% of the UK’s weekly GDP and 0.05% of annual GDP.FOLLOW US ON SOCIAL MEDIA