‘Sleeper-cell’ hackers are stealing company data now for future attacks, warns ISF chief

Steve Durbin says cyber criminals are entering company networks to watch, gather intelligence and prepare for later disruption, with stolen data potentially used in later attacks

Sleeper-cell-style hackers are breaking into company networks to watch, steal information and prepare for future attacks rather than cause immediate disruption, one of the cyber security industry’s leading figures has warned.

Steve Durbin, chief executive of the Information Security Forum (ISF), said attackers were increasingly using company systems as intelligence-gathering targets, with stolen data later used for espionage, disruption, reputational damage or attacks on critical infrastructure.

The warning raises the prospect of businesses discovering too late that an earlier breach was not the end of an incident, but the start of a much longer campaign.

Durbin told Business Matters that the risk was especially acute for critical infrastructure, defence, arms manufacturing and other sensitive sectors, where state-backed attackers may be gathering intelligence, trade secrets and strategic information for future use.

“You may want to go into somebody’s network and just watch what’s going on, exfiltrate some of that information so that in the future you may be able to use it,” he said, warning that the threat was no longer limited to stolen files or disrupted systems.

Data taken from private businesses could also be used for espionage, narrative manipulation and reputational attacks, with information leaked, altered or selectively released to damage trust, Durbin added.

Cyber attacks are rising globally, with organisations facing an average of 1,925 attacks a week in the first quarter of 2025, up 47 per cent on the same period a year earlier.

BT alone said it detects more than 2,000 signals of potential cyber attacks every second across its networks, or more than 200 million a day, and that web-connected devices are scanned more than 1,000 times a day by known malicious sources.

Durbin has previously warned that the UK government’s failure to mention cyber security in the Spring Statement risks leaving parts of the public sector exposed as tensions in the Middle East heighten the risk of cyber spillover.

The threat is now so severe that it is a matter of “survival” for companies, with firms no longer able to plan on the basis that every attack can be stopped.

Organisations should instead identify the systems and data they need to keep operating during a breach and build their defences around protecting those core functions.

Artificial intelligence is adding further pressure, he said, with companies adopting new tools while still working out how to use them safely.

Staff are putting sensitive company information into public AI tools such as ChatGPT, which could then be absorbed into future answers produced for other users.

Attackers are also avoiding direct assaults and are instead using smaller and less protected suppliers as a route into larger organisations’ IT systems.

Speaking to Juliette Foster, Durbin said: “I think we have to move very, very quickly away from this concept that we can prevent attacks happening.

“We have to move to a position that says, irrespective, my company is going to be resilient.”

Looking ahead, Durbin said businesses were better placed than before to deal with some emerging threats, but warned that no one could yet predict exactly how AI-enabled attacks would develop.

He said that uncertainty strengthened the case for cyber audits to become a legal requirement for larger organisations, while international agreement on cyber law and AI governance remained difficult because technology was moving faster than regulation.

Skills shortages are adding further pressure, with the cyber industry still short of people as the threat landscape expands.

“I would say we are better placed to offset some of the threats that are coming down the road, but we don’t actually know what some of those AI threats are going to look like,” he added.

Watch the full interview with Steve Durbin, chief executive of the Information Security Forum, on Business Matters at 9.30am on Sunday, June 14, on Bloomberg TV, available on Sky 502, Sky Glass 505, Virgin 609 and Freesat 208.

VIEW MORE: Staff are handing company secrets to AI because ‘bosses have failed to set the rules’. Zendata Cybersecurity chief Isabelle Meyer says workers are using chatbots before many employers have explained where company data can safely go.

Do you have news to share or expertise to contribute? The European welcomes insights from business leaders and sector specialists. Get in touch with our editorial team to find out more.