UK underestimating geopolitical cyber risks, warns new NCSC chief

“Frequency, sophistication and intensity” of “hostile activity” has increased, warns Richard Horne

The cyber threats facing the UK are “widely underestimated” as the world becomes increasingly unstable.

That’s the warning from Richard Horne, the new head of GCHQ’s National Cyber Security Centre (NCSC).

In his first major speech as the NCSC releases its 2024 annual report, Horne warned organisations, both public and private, that they need to do more to protect themselves against hostile threat actors.

That’s not just regular cyber criminals, but state-backed actors, with the line between the two often blurred.

“Hostile activity in UK cyberspace has increased in frequency, sophistication and intensity. We see this in the intelligence we can access through being part of GCHQ. Actors are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction,” warned Horne.

He continued: “What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us.

“And what is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.”

Horne fears that leaders across both public and private sectors aren’t putting into practice NCSC guidance and frameworks as rigorously as they ought, putting their organisations at risk.

“In recent years, the NCSC has produced world-leading cyber security guidance and frameworks, such as our guidelines for secure AI system development. Unfortunately, not enough organisations are implementing our guidance, nor applying these frameworks,” he said.

And, he added, the NCSC on its own is unable to compel organisations to apply its advice, which may entail new legislation.

“We will work with our partners across government to explore how we can influence the technology market to adopt more secure behaviours, which may include new legislation (such as the Cyber Security and Resilience Bill) and regulation to drive through the step change we believe is required to keep the UK safe.”

Horne was backed up by Pat McFadden, Chancellor of the Duchy of Lancaster: “We must work alongside industry to meet the increasingly sophisticated challenges we face and make the UK the safest place to live and work online.”