The UK is underestimating the risks it faces from hostile states and gangs and must take collective action against an increasing complex set of threats. The warning from Richard Horne, CEO of the National Cyber Security Centre, accompanies the launch of the NCSC’s annual review which highlights a growing threat from state actors.

In what will be his first major speech since taking the role in October 2024, Horne is expected to say: “What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us. And what is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.”

He will point out that the NCSC has been publishing advice, guidance and frameworks since its inception but adds that these all need to be put into practice much more across the board. “We need all organisations, public and private, to see cyber security as both an essential foundation for their operations and a driver for growth; to view cyber security not just as a ‘necessary evil’ or compliance function, but as a business investment, a catalyst for innovation and an integral part of achieving their purpose.”

Horne suggests that the UK’s growing dependency on technology combined with adversaries who are conspiring to take advantage of this poses a significant threat. Highlighting the disruption that cyber attacks can cause, he warns: “There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cyber criminals. The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve.

“In the past year, we have seen crippling attacks against institutions that have brought home the true price tag of cyber incidents. The attack against Synnovis showed us how dependent we are on technology for accessing our health services. And the attack against the British Library reminded us that we’re reliant on technology for our access to knowledge.

“What these and other incidents show is how entwined technology is with our lives and that cyber attacks have human costs.” 

• In its 2024 annual review, the NCSC reported a rise in cyber incidents and growing severity in their impact, with conflicts around the world fuelling a volatile threat landscape, particularly from Russia but also from China and Iran.

Ransomware is named in the review as the most pervasive cyber threat to UK organisations, highlighting the financially motivated ransomware attack on Synnovis, a supplier to the NHS, which had a significant impact on citizens. Elsewhere, cyber criminals’ have been utilising AI to increase the volume and heighten the impact of cyber attacks.

This year, the NCSC’s incident management team handled 430 incidents, a 16% increase on the previous year. Of these, 347 involved some level of data exfiltration and 20 incidents involved ransomware. The top sectors reporting ransomware activity into the NCSC this year were academia, manufacturing, IT, legal, charities and construction.

The NCSC also issued 542 bespoke notifications informing organisations to a cyber incident impacting them and provided advice and guidance on how to mitigate it. This was more than double the 258 bespoke notifications issued last year. Almost half of the bespoke notifications sent this year related to pre-ransomware activity, enabling organisations to detect and remove precursor malware before ransomware was deployed.

---