Thapana - stock.adobe.com
NCSC announces PwC’s Richard Horne as CEO
Former PwC and Barclays cyber chief Richard Horne set to join UK’s National Cyber Security Centre as CEO
The UK’s National Cyber Security Centre (NCSC) has announced the appointment of Richard Horne, current chair of PwC UK’s cyber security practice, as its new CEO.
Set to replace Lindy Cameron after her three-and-a-half year tenure, Horne is expected to take charge of setting the NCSC’s strategic direction for the “next stage” of its evolution, and will be instrumental in shaping, delivering and communicating the UK’s national response to cyber security.
The NCSC said Horne’s role will specifically include building up the UK’s cyber resilience, ensuring security is central to the development of technologies such as artificial intelligence (AI) and quantum, and managing critical incidents as they occur.
Welcoming Horne’s appointment, Anne Keast-Butler, director of UK signals intelligence agency GCHQ, said: “He brings with him a wealth of experience working with major companies and organisations to help them understand and manage their cyber security – and respond to incidents when they occur.
“Richard’s experience will ensure the NCSC continues to drive cyber security up the boardroom agenda and develop its world-leading partnerships to address the cyber security threats that the UK faces,” she said.
Horne himself said it was an “honour” to be appointed to the role. “Over the seven years since its establishment, the NCSC has repeatedly shown its world-leading understanding of technology and its unparalleled knowledge of the cyber threat we face in the UK,” he said.
“I’m incredibly honoured and excited about leading a globally recognised organisation, its world-class experts and leaders into the future whilst helping ensure that our mission is realised.”
Read more about the NCSC
- NCSC warns CNI operators over ‘living-off-the-land’ attacks: Malicious, state-backed actors may well be lurking in the UK’s most critical networks right now, and their operators may not even know until it is too late, warn the NCSC and its partners.
- Cyber non-profit enlists ex-NCSC head as technical chair: Founding NCSC chief executive Ciaran Martin is to join the Cyber Monitoring Centre non-profit as chair of its technical committee.
- NCSC reaffirms guidance for those at risk of Chinese state hacking: As the UK and US governments announce sanctions and indictments of a Chinese state threat actor, the NCSC has reiterated its security advice for individuals at risk of being targeted for espionage purposes.
Before joining PwC, Horne acted as managing director of cyber security for Barclays, where he was seconded to the Cabinet Office in 2011 to help shape and drive the government’s first Cyber Security Strategy.
Horne has previously served on a number of advisory boards for academic institutions and cyber security startups – including Noetic Security, Cado and NokNok Labs – and holds a PhD in mathematics from Royal Holloway.
In September 2023, the NCSC named Ollie Whitehouse as its new chief technology officer (CTO). He was previously in the same role at NCC Group, as well as other senior roles at BlackBerry and Symantec.
In March 2024, the NCSC published guidance aimed at helping CEOs across the private and public sectors understand how best to manage and respond to cyber security incidents.
Designed to act as a non-technical guide to help business leaders navigate the various courses of action they will need to take during these incidents, the guidelines emphasised the need for organisations to have proportionate and effective governance in place.
It said that CEOs should oversee the implementation of structures to help their teams make effective decisions, which includes accounting for the full impact of the incident across all parts of the organisation, facilitating collaboration between those managing the response, and better empowering senior decision-makers by making it clearer how and why the more technical aspects of a cyber incident will affect them in practice.
It added that the morale and welfare of employees should be seen as a high property during cyber attacks, as stress and uncertainty at such times can be hugely detrimental to incident response.