The cyber intelligence agency’s new boss Richard Horne has urged public bodies and organisations in all sectors to not just listen to security advice, but take steps to implement it
The head of the National Cyber Security Centre has warned that the UK is engaged in a “contest for cyberspace” with those seeking to use our “technology dependence” to disrupt daily life.
The warning from Richard Horne came as the NCSC’s annual review showed a sizeable increase in the number of incidents handled by the cyber intelligence organisation during the 12 months to the end of August 2024.
Across the year, the NCSC supported the response to 430 incidents, a rise of 60 compared with 2023.
There was a particular spike in the volume of incidents classed as ‘significant’ or ‘highly significant’, which rose from 62 to 89 – equating to an increase of about 44%. These most serious classifications include cyberattacks causing “a serious impact” to public services, the economy, or large numbers of citizens.
Unveiling the report, and giving his first major speech since being appointed NCSC chief executive in October, former PwC senior manager Horne claimed that he had “joined the NCSC at an inflection point which calls for sober reflection”.
“Because we find ourselves now in a contest for cyberspace,” he added. “It’s a contest between those of us who are using technology to conduct and improve our lives and prosperity and those people who seek to use our digital dependency against us… Malicious actors in cyberspace… are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction.”
Related content
- Ex-NCSC head calls for criminalisation of ransomware payments
- Cyber Security Week: Analysis – how and where are attackers getting in?
- ‘The prospect of a category-one cyberattack is not receding’
The potential for attacks to wreak such damage comes as a result of the “online infrastructure which we [now] all rely on to keep the lights on and the water running, to improve our public services, [and] to keep businesses running”, Horne said.
Addressing the rise in incidents in 2024, the NCSC boss added that “hostile activity in UK cyberspace has increased in frequency, sophistication and intensity”.
“We can see this in the intelligence we can access through being part of GCHQ,” he said. “State and criminal actors are using cyber capability against organisations across our society seeking to undermine us.”
The Russian and Chinese states were namechecked as sources of particularly grave threats, and Horne said that government – alongside all other sectors – must do more to improve its cyber posture.
“There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cyber criminals,” he said. “The defence and resilience of critical infrastructure, supply chains, the public sector, and our wider economy must improve.”
These improvements will require organisations to not just heed the words of cyber experts, but to take far greater action to implement them.
“The NCSC, as the national technical authority, has been publishing advice, guidance and frameworks since our inception in a bid to drive up the cyber security of the UK,” Horne said. “The reality is that advice, that guidance, those frameworks need to be put into practice much more across the board. We need all organisations – public and private – to see cyber security as both an essential foundation for their operations and a driver for growth, to view cyber security not just as a ‘necessary evil’ or compliance function but as a business investment, a catalyst for innovation and an integral part of achieving their purpose.”