UK Cyber Risks Are ‘Widely Underestimated,’ Warns Security Chief

In his first speech on Tuesday, the new head of the U.K.’s National Cyber Security Centre warned that the country’s cyber risks are “widely underestimated.”

Richard Horne, who took the position in October, says that hostile activity has “increased in frequency, sophistication and intensity,” largely from foreign actors in Russia and China. He highlighted the ransomware attacks on the British Library and pathology company Synnovis, which disrupted the NHS, illustrating a dependence on technology for knowledge access and health.

“Actors are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction,” he said in the speech.

SEE: 1.1 Million UK NHS Employee Records Exposed

NCSC annual report saw a rise in cyber incidents in 2024

Horne’s words come on the heels of the NCSC’s Annual Review 2024, which reveals that its Incident Management team handled 430 incidents this year compared to 371 in 2023. Of these, 347 involved some form of data theft, while 20 involved ransomware.

The report singles out ransomware as the most pervasive threat to U.K. businesses, especially in academia, manufacturing, IT, legal, charities, and construction. According to the NCSC, the pervasion of generative AI has been found to increase the risk of ransomware by providing “capability uplift” to attackers. Amateur attackers can use it to craft social engineering materials, analyse exfiltrated data, code, and reconnaissance, essentially lowering the barrier to entry.

The NCSC’s Annual Review described 12 of the 430 incidents as “at the top end of the scale and more severe in nature,” a threefold increase over the year prior.

The country is not taking cyber resilience seriously enough, Horne says

“What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us,” he said. “And what is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.”

Indeed, research from this year has found that 87% of U.K. businesses are unprepared for cyber attacks, 99% faced one in the last year, and only 54% of U.K. IT professionals are confident in their ability to recover their company’s data after an attack.

Horne added that the guidance and frameworks drawn up by the NCSC are not widely used. Ultimately, businesses need to change their perspective on cyber security from a “necessary evil” or “compliance function” to “an integral part of achieving their purpose.”

State-led threats are closing in on the U.K., according to the NCSC

State-led threats form a key part of both Horne’s speech and the Annual Review, as there is “no room for complacency” regarding their volume and severity.

Russia

This year, the NCSC and other international cyber authorities, including the U.S. Federal Bureau of Investigation, warned about pro-Russia hacktivist attacks targeting operational technology such as smart water meters, dam monitoring systems, smart grids, and sensors for precision agriculture. Multiple instances of Russian intelligence services mandating attacks and espionage against NATO allies were also exposed.

“Russian threat actors almost certainly intensified their cyber operations against Ukraine and its allies in support of their military campaign and wider geopolitical objectives,” the Annual Review reads. “Through its activities in Ukraine, Russia is inspiring non-state threat actors to carry out cyber attacks against western CNI.”

China

Horne calls China “a highly sophisticated cyber actor, with increasing ambition to project its influence beyond its borders.” This year it was revealed that Chinese state-sponsored attackers have compromised critical national infrastructure in the U.S. and targeted U.K. MPs and Electoral Commission.

SEE: Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

The Review states that Iran “is developing its cyber capabilities” and “willing to target the UK to fulfill its disruptive and destructive objectives” after attacking organisations in the U.S.

North Korea and Iran

The Democratic People’s Republic of Korea also remains a prolific cyber threat actor, targeting cryptocurrency and defence organisations to raise funds and collect military intelligence. The NCSC believes that U.K. firms are also at risk from North Korean IT workers disguising themselves as freelancers to generate further revenue, according to the Review.

Critical infrastructure is most at risk

“The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve” to protect against these nation-state threats, Horne said.

Ian Birdsey, partner and cyber specialist at law firm Clyde & Co, told TechRepublic in an email: “The UK has increasingly become a target for hostile nations due to the redrawing of geopolitical battle lines and the rise in global conflicts in recent years. In turn, threat actors based in those territories are increasingly launching more severe and sophisticated cyberattacks on UK organisations, particularly within critical national infrastructure and its supply chain.

“As these systems become more digitalised and interconnected, the pace of these threats continues to escalate. Cyberwarfare has become an ever-present feature and routine dynamic of traditional warfare.”