The National Cyber Security Centre (NCSC) new cyber chief, Richard Horne, has issued a stark warning about the growing complexity of “widely underestimated” cyber threats.
Speaking at the launch of the NCSC’s eighth annual review, Richard Horne, Cyber Security Chief, commented: “What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us.”
Intensity of cyber-attacks
Horne emphasised the frequency, sophistication, and intensity of cyber-attacks, which now target everything from healthcare to education, and has called for urgent collective action across public and private sectors to address these evolving threats.
He stressed that the human cost of cyber-attacks is undeniable, and the UK’s reliance on technology has left it vulnerable to exploitation.
Cost of cyber threats
Horne highlighted the increasing frequency and sophistication of hostile cyber activity, particularly from state actors
Horne highlighted the increasing frequency and sophistication of hostile cyber activity, particularly from state actors like Russia and China, who exploit the UK's technological dependency to disrupt and cause destruction.
He also pointed to recent cyber incidents, such as attacks on Synnovis and the British Library, which illustrate the human cost of cyber threats and the urgent need to enhance the resilience of critical infrastructure, supply chains, and the economy.
UK's cyber risks
Andy Ward, SVP International Absolute Security: "The NCSC highlights the alarming reality that the UK's cyber risks are growing faster than our ability to address them. This activity from state actors like Russia and China, combined with increasingly sophisticated cybercriminals leveraging AI, exposes critical vulnerabilities in our infrastructure, economy, and public services."
"Alongside the NCSC warnings, our research shows that almost half (47 percent) of businesses have reported an increase in the volume of state-sponsored cyber threats over the past year. This reflects the urgent need for organisations to strengthen their defences against increasingly aggressive and sophisticated threats."
Cyber resilience strategy
Ward added: "The rise in incidents handled by the NCSC shows that these threats are not just hitting more frequently, but with greater severity. To address this, it is vital to implement a robust cyber resilience strategy."
"This includes investing in prevention and recovery technologies to fortify defences, adopting incident response frameworks to reduce risks and minimise downtime, and enabling real-time visibility across all devices and applications so centralised IT teams can detect suspicious activity early."
Digital health and security risk
Matt Gibney, CTO of adCAPTCHA, commented: “Cyber and bot attacks are no longer a distant concern, they are a very real and growing threat that can target any organisation or individual."
"With services becoming increasingly digitised, creating countless new entry points for cybercriminals, it's critical for businesses to conduct regular audits of their digital health and security risk to avoid falling victim to a costly breach."
Cybersecurity audit
Gibney added: "The NCSC highlights how the risks we face are widening faster than our defences can keep up, with cyber threats becoming more frequent, sophisticated, and impactful. A key part of these risks is the rise of bot networks. Once bots infiltrate IT systems, they can scrape and steal valuable data, sell monetised advertising space and content, and cause major financial losses."
"This why monitoring for the presence of bot networks should be an essential part of any cybersecurity audit. Uncovering the full extent of bot issues allows organisations to prioritise investment in detection and prevention systems, ultimately strengthening their overall cyber resilience.”
NCSC’s Annual Review
The NCSC’s Annual Review highlights the rising use of artificial intelligence (AI) by cybercriminals, making attacks more efficient and harder to detect.
Over the past year, the NCSC managed 430 cyber incidents, including a rise in data exfiltration and ransomware attacks, with sectors such as academia, manufacturing, and IT remaining highly vulnerable. The NCSC urges organisations to adopt stronger cybersecurity practices to mitigate these risks.