UK Government Says 100 Countries Have Spyware that Can Hack People’s Phones

The commercial spyware market has surged in recent years, driven by private firms that sell zero‑day exploits to governments. As the UK intelligence community now reports, roughly 100 nations can acquire tools like Pegasus or Graphite, a stark increase that reflects both the commoditisation of cyber‑espionage and the erosion of export barriers. This diffusion means that sophisticated surveillance capabilities are no longer confined to a handful of superpowers, raising the baseline threat level for any country that relies on digital communications.

For British businesses, the implications are immediate. The NCSC’s findings show that high‑net‑worth individuals, including bankers and executives, are now explicit targets, signalling a shift from traditional activist or journalist surveillance to economic espionage. Companies must therefore reassess their cyber‑hygiene, patching vulnerable software and adopting multi‑factor authentication to mitigate infection vectors. Meanwhile, state‑sponsored campaigns—particularly those linked to China—are focusing on data exfiltration and preparatory moves related to a potential Taiwan conflict, underscoring the geopolitical dimension of these attacks.

Policymakers face a dual challenge: curbing the export of offensive cyber tools while fostering international norms that deter misuse. The DarkSword leak, which made sophisticated iPhone exploits publicly available, illustrates how quickly government‑grade code can proliferate into the criminal underground. Strengthening export controls, enhancing transparency around spyware sales, and investing in collective defence initiatives are essential steps for the UK and its allies to contain this expanding threat landscape.