UK cyber chief calls for action against ‘underestimated’ risk

The newly appointed chief of the UK’s National Cyber Security Centre (NCSC) has warned that cyber risks have been “widely underestimated” and that the resilience of critical infrastructure, supply chains and the wider economy “must improve”. In his first major speech since taking on the CEO role, Richard Horne called for collective action to address what he said was an “increasingly aggressive online world”. Horne was launching the NCSC’s eighth annual review of cybersecurity risks, which highlighted the growing threat facing the UK, including the increased involvement of state actors. “What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us,” he warned. “And what is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.” Horne referred to the various advice, guidance and frameworks that have been published by the NCSC since its inception and called for these to be put into practice “across the board”. He warned that while UK has one of the world’s most advanced digital economies in the world, the threat from hackers and other cybercriminals has been “widely underestimated”. Horne highlighted the role of state actors in cyberattacks – namely the “aggression and recklessness” of Russian cyber activities and the “opportunistic” threat of China state-affiliated actors. Of particular concern is the threat of data theft from state-linked actors. Horne referenced two recent attacks in the UK, against health service provider Synnovis and the British Library, to point out the reliance on technology for basic public services. “We assess that all sectors of UK society are under threat of data theft from this activity – not just traditional intelligence targets – given the low threshold for information being of value,” he said. Horne warned against complacency and called for an improvement in cyber defences across all sectors of the economy and society. “The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve,” he said. Organisations both public and private need to see cybersecurity as essential to their operations and a “driver for growth” and “catalyst for innovation” rather than just another compliance function and “necessary evil”. Horne also cited the Cyber Essentials government programme that was launched ten years ago to give organisations a guide to the security controls they should have in place. According to Horne, research by insurers shows that organisations that have followed the Cyber Essentials guidance are 92% less likely to make a claim on their cyber policies. There was also a reference to upcoming legislation in Horne’s speech, namely the Cyber Security and Resilience Bill set to be introduced to Parliament in 2025 that he said will be a “crucial step towards hardening the UK’s cyber defences”. The NCSC’s annual review outlines Horne’s points in more detail, including the increase in both frequency and severity of attacks. Between September 2023 and August 2024, the agency responded to 430 incidents compared to 371 in the previous 12 months. Furthermore, 12 of these incidents were considered to be at the “top end of the scale”, a near trebling of the number in the previous period. Horne’s comments and the need for more cyber resilience were supported by Ian Birdsey, partner at law firm Clyde & Co. “Tackling these multi-faceted threats boils down to preparedness. Organisations must prepare to identify, respond to and mitigate the risk and subsequent impact of cyber threats. While advanced technologies should be embraced, the human component is at the heart of the solution,” said Birdsey. “Designing resilient cyber risk management systems and encouraging users to serve as a front-line defence are essential to bridging the ‘widening gap’ in the ability to combat cyber threats. Collaboration between governments, regulators and cybersecurity experts is paramount if we are to build robust infrastructure against the ever-evolving cyber threat landscape. Fighting cybercrime is a team sport after all.”

UK cyber chief calls for action against ‘underestimated’ risk

Richard Horne says the gap between exposure and threat is widening

Want to read this article?

Read Next

India’s Insurance Act reform can boost foreign investment, says GFIA

Luxembourg risk association launches training programme

EU pharma and cosmetics bodies mount legal action over wastewater treatment rules

Class action closes against BHP for Brazil dam collapse

German regional court to hear landmark climate lawsuit

India’s Insurance Act reform can boost foreign investment, says GFIA

Luxembourg risk association launches training programme

EU pharma and cosmetics bodies mount legal action over wastewater treatment rules

Class action closes against BHP for Brazil dam collapse

German regional court to hear landmark climate lawsuit

Keep yourself informed

Sign up for Commercial Risk’s newsletters

Want to read this article?

Read Next

India’s Insurance Act reform can boost foreign investment, says GFIA

Luxembourg risk association launches training programme

EU pharma and cosmetics bodies mount legal action over wastewater treatment rules

Class action closes against BHP for Brazil dam collapse

German regional court to hear landmark climate lawsuit

Related Articles

Keep yourself informed

Sign up for Commercial Risk’s newsletters