‘Broader and deeper’ online risk to UK from criminals and state-backed hackers

3 December 2024, 15:34

The GCHQ building in Cheltenham (GCHQ)
GCHQ proposal. Picture: PA

The head of the National Cyber Security Centre, Richard Horne, said the reliance on technology meant the risk from attack was greater.

The UK’s reliance on technology across government, businesses and people’s personal lives has left us more vulnerable to potentially devastating online attacks, the head of the cyber security agency warned.

National Cyber Security Centre (NCSC) chief Richard Horne said the threat was “getting broader and in some parts deeper”, with online criminals and state-backed hackers from countries such as Russia and China looking to exploit vulnerabilities.

He said since taking on the role at the NCSC in October, he was both more concerned because of the “stark truth about the risk” but also more reassured because of the strength of the UK’s cyber defence community.

The head of the NCSC, part of the GCHQ intelligence agency, told the PA news agency: “We’re seeing the threat getting broader and in some parts, deeper.

“So where it’s getting broader is we’re seeing more and more cyber criminals able to have quite devastating effects on organisations and customers of those organisations, or people who rely on those services.”

And “in some cases, it is going deeper” with more sophisticated attacks being carried out around the world, he added.

“That tends to be more in the theatre of war, as it were, but there’s always the possibility of that sort of those really sophisticated attacks spilling over, which we’ve seen in the past.”

In Russia, Vladimir Putin’s government and state-aligned hackers have sought to target countries including Ukraine to support the war there – but also Nato members including the UK.

Mr Horne said: “In some ways, the breadth of threat is really criminals, and those criminals might be in Russia, and they might be kind of state-aligned rather than state-directed.

“But the breadth of threats that most organisations in the UK need to think about is criminal threat, and especially ransomware, because of the devastation it can cause.”

Hackers from China have been blamed for hacking the Electoral Commission’s database and targeting MPs’ emails.

Mr Horne told PA: “China are a very capable cyber actor and they’re certainly establishing their position in the world.

“And for us it comes back to: where are we exposed, where are we vulnerable, how are we managing our risk?

“As geopolitics unfolds and different actors assert their position more, we need to be ready to assert our position, and part of that is defence.”

The last government took action to remove Chinese firm Huawei from the UK’s 5G mobile network because of security concerns.

But with the proliferation of Chinese technology across all aspects of life, Mr Horne insisted the country that technology originated from was not the main factor in determining risk.

He said: “I think in some ways, one of my colleagues had a great expression, ‘the flag is not a great indicator of risk’.

“It’s more a case of ‘what is that technology taking out and what information is leaving’ and it’s not necessarily going to one place or another and it doesn’t really matter, from the perspective of defence, where it’s going because attackers can misuse it.

“It’s more a case of more and more technology is impeding on our lives, we are depending on it more, and as a result, data is leaving us to go elsewhere, and that’s very much part of the risk we need to understand.”

The NCSC’s annual review showed a threefold increase in the most serious cyber incidents affecting the UK in 2023-24, but Mr Horne warned the danger is still being “widely underestimated” by both public and private sector organisations and individuals.

Asked whether it was the Government, companies or individuals failing to understand the risk, Mr Horne said: “I think it’s everyone … The extent to which technology is taking our information and moving it elsewhere, the extent to which organisations rely on their supply chains, and those supply chains have all sorts of risks that they haven’t considered.

“The extent to which organisations apply basic security controls consistently everywhere and not just at the core – they all kind of add up to not properly understanding the extent of exposure and the extent of vulnerability.

“And at the same time, the threat is getting broader. So add all of that together and it’s a growing risk.”

Mr Horne joined NCSC from professional services giant PwC in October. Asked whether he was more concerned or more reassured as a result of his time at the cyber defence agency, he said: “I think you’re more concerned because you do see the stark truth about the risk, but more reassured because there is so much happening.”

The NCSC was part of a cyber defence community “and I think if there’s one thing we have in this country that is probably better than anywhere else, it’s the way we can pull together as that community across all parts of society and protect ourselves together”.

In a speech launching the agency’s annual review at its headquarters in London, Mr Horne said the UK relied on online infrastructure “to keep the lights on and the water running, to improve our public services, to keep businesses running, and to drive our growth and prosperity”.

“But those critical systems and services make attractive targets for hostile states and malicious actors in cyberspace.

“They are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction.”

By Press Association

More Technology News

See more More Technology News

Exclusive
Ministers are looking at relaxing the Tory government's TikTok ban in a bid to woo younger voters online, LBC understands.

Ministers eye TikTok comeback to reach younger voters despite security concerns

Telegram Messenger stock

Telegram to work with internet watchdog on child sexual abuse material crackdown

Riot police at a demonstration outside a hotel in Rotherham (

Oversight Board to examine Facebook posts about summer riots

The Microsoft logo

Microsoft facing £1 billion legal claim from UK businesses

A rendering of a computer chip with a human brain image superimposed on it

Most people happy to share health data to develop artificial intelligence – poll

Hands on a keyboard with code on a computer screen

Cyber risk facing UK being ‘widely underestimated’, security chief warns

Ms Barkworth-Nanton, from Swindon was honoured for services to people affected by domestic abuse and homicide at Buckingham Palace on Thursday (Aaron Chown/PA)

Social media ban for children ‘brilliant idea’ for tackling abuse – charity boss

Baroness Cass sounded the note of caution as she made her maiden speech in the House of Lords (Yui Mok/PA)

Mobiles in schools could become like ‘smoking behind the bike shed’

A young girl looks at social media apps, including TikTok, Instagram, Snapchat and WhatsApp, on a smartphone.

Australian social media ban for under-16s a ‘retrograde step’, UK charity says

Australia will ban social media for under-16s.

Australia passes world-first law banning under-16s from social media

Pacific 24 rigid inflatable boat

‘Robot Rib’ drone boat tested by Royal Navy in UK waters for first time

A child using a laptop

Girls to learn AI skills as part of new Girlguiding activities

A young girl using a mobile phone in the dark

Women spend more time online than men, but worry more about online harms – Ofcom

A person using the Uber app on a smartphone

Uber launches teen accounts, giving parents option to track children’s journeys

A woman using her mobile phone

O2 launches AI-powered scam call detection tool

Google's homepage

Google needs ‘right conditions’ to build more AI infrastructure in UK