The UK is failing to fully grasp the severity of the cyber threats it faces from hostile nations and criminal groups, the country’s top cybersecurity official is set to warn.
Richard Horne, head of the National Cyber Security Centre (NCSC) under GCHQ, will emphasize a threefold increase in severe cyber incidents, fueled by Russian "aggression and recklessness" and China's "highly sophisticated" operations.
In his inaugural speech as the NCSC chief on Tuesday, Horne will highlight the escalating “frequency, sophistication, and intensity” of cyber activities targeting the UK. He will caution that adversaries aim to inflict maximum disruption, pointing specifically to “Russia’s reckless cyber aggression” and “China’s growing ambition to project influence through advanced digital operations.”
Horne will underscore that the risks are widely underestimated across the UK, warning, “The severity of the threats facing the UK is not fully appreciated.” This message serves as a wake-up call for businesses and public sector organizations to address the escalating cyber threat landscape.
The NCSC’s annual review reveals a significant rise in serious cyber incidents over the past year, with the agency responding to 430 incidents from September 2023 to August 2024, compared to 371 in the prior year. Of these, 12 were classified as “top-end” incidents—triple the number recorded in the previous year.
Horne will stress the urgent need for bolstering defenses: “The resilience of critical infrastructure, supply chains, the public sector, and our economy must improve to match the scale of threats we face.”
Recent ransomware attacks against prominent UK targets, such as the British Library and Synnovis—responsible for NHS blood tests—highlight the widespread impact of cybercrime. Horne will address the profound human implications, stating, “Technology is deeply embedded in our lives, and cyber-attacks have direct human costs.”
The NCSC recorded 317 ransomware incidents in the past year, including 13 of national significance. These attacks, often originating from Russian or post-Soviet cyber gangs, typically involve paralyzing IT systems and demanding ransom payments in cryptocurrency. Some groups, like Evil Corp, are believed to act on behalf of Russian state intelligence services.
The NCSC’s review identifies Russia and China as the most aggressive state actors, while also spotlighting emerging threats from Iran and North Korea. Russian cyber activities have inspired non-state actors to target Western infrastructure, while Chinese-linked groups, such as Volt Typhoon, are suspected of preparing for future disruptive attacks.
In the UK, Chinese hackers have already targeted MPs’ emails and the Electoral Commission database. Meanwhile, Iran is escalating its disruptive cyber activities, and North Korean operatives are accused of stealing cryptocurrency and defense data to fund the regime and bolster military capabilities.
The report also highlights an unusual tactic by North Korea: employing IT professionals posing as freelance workers to infiltrate UK firms and generate revenue for its government.
Horne will conclude his speech with a stark warning about the growing gap between the scale of cyber threats and the nation’s readiness to counter them. “What has struck me most since taking on this role is the widening gap between the threats we face and the defenses we have in place. We must work faster to stay ahead of our adversaries.”
Cybersecurity expert Alan Woodward of Surrey University echoed the urgency of the NCSC’s message, describing it as a “klaxon” for the public and private sectors to stay vigilant. “The government is sounding the alarm, but not everyone is listening yet,” he cautioned.
As the cyber threat landscape evolves, the NCSC is urging organizations across academia, manufacturing, IT, and other key sectors to strengthen their defenses before the risks become even more severe. Photo by jaydeep, Wikimedia commons.