NCSC chief warns of gap in cyber threats and defence capabilities

The UK’s cyber security chief has warned of a widening gap between the escalating cyber threats faced by the UK and its allies and their collective defence capabilities.

Speaking at Singapore International Cyber Week, Richard Horne, the newly appointed head of GCHQ’s National Cyber Security Centre (NCSC), urged closer cooperation between the UK and its allies, in a wider call for greater global resilience in the face of increasingly complex and aggressive online security threats.

“Increased dependence on technology is driving growth and transforming societies, creating exciting new opportunities. It also exposes us to greater cyber risks. Without collective action, we risk widening the gap between the escalating threats to our societies, critical services and businesses, and our ability to defend and be resilient,” said Horne.

“The threat landscape is growing more complex, with significant incidents on the rise. To close this gap, we need coordinated global efforts to strengthen cyber resilience, ensure security is built into technology from the outset, and prepare both the public and private sectors to not only defend, but also recover swiftly from destructive cyber attacks.”

Horne highlighted this collaboration was especially important given the significant broadening of the threat landscape as a result of cyber capabilities expanding, which has seen the NCSC already respond to 50% more nationally significant incidents in 2024 compared to last year, as well as a threefold increase in “severe incidents”.

“Last month, 39 nations and eight international insurance bodies endorsed guidelines for organisations navigating ransomware payments,” he said, referring to guidance created by the UK and Singapore during at the fourth Counter Ransomware Initiative Summit in early October.

That guidance noted that paying ransoms offer no guarantee of data recovery or future security, and instead encourages victims to report attacks to the authorities, assess the availability of their data backups, and take advice from cyber experts. It also prompts organisations to take action before an attack by having policies, frameworks and communications plans in place.

“This is a prime example of the progress we can achieve by working together, proving that cyber space knows no boundaries,” said Horne.

Further emphasising the importance of long-term technology resilience, Horne also warned that many new technologies being developed now could become vulnerable without integrated management and security over the entire life cycle of a product.

“Today’s innovation is tomorrow’s legacy,” he said. “The innovative technologies we are building today will become the legacy technologies of tomorrow. We must adopt a lifecycle management approach to ensure they remain secure and resilient in the future.”

He added that while developers must plan for the future to ensure new systems are able to withstand tomorrow’s cyber threats, governments need to “step in to set the tone and guide the conversation” rather than leaving it to businesses and public service alone.

The NCSC previously warned in January 2024 that artificial intelligence (AI) will soon be widely used to increase the volume and impact of ransomware attacks, noting it is already clear the technology is being used for malicious cyber activity.

“The emergent use of AI in cyber attacks is evolutionary, not revolutionary, meaning that it enhances existing threats like ransomware but does not transform the risk landscape in the near term,” said then-NCSC CEO Lindy Cameron.

“As the NCSC does all it can to ensure AI systems are secure by design, we urge organisations and individuals to follow our ransomware and cyber security hygiene advice to strengthen their defences and boost their resilience to cyber attacks.”