Cyber risk facing UK being ‘widely underestimated’, security chief warns

The UK needs to wake up to Russia’s online “aggression and recklessness” and the risks posed by “highly sophisticated” Chinese hackers, the cyber security chief will warn.

In his first major speech, Richard Horne, head of GCHQ’s National Cyber Security Centre (NCSC), will highlight the “widening gap” between the threats facing the UK – from both state-backed hackers and online criminals – and the defences in place to protect businesses and public services.

The NCSC’s annual report shows a threefold increase in the most serious cyber incidents affecting the UK in 2023-24, but Mr Horne will warn the danger is still being “widely underestimated” by both public and private sector organisations.

Mr Horne, who took over as the cyber security agency’s chief in October, will say on Tuesday: “What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us.

“And what is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.”

Mr Horne will warn of “the aggression and recklessness of cyber activity we see coming from Russia”, both from organisations linked to Vladimir Putin’s government and groups operating without direct Kremlin control.

He will say: “We can see how cyber attacks are increasingly important to Russian actors, along with sabotage threats to physical security, which the director general of MI5 spoke about recently.

“All the while, China remains a highly sophisticated cyber actor, with increasing ambition to project its influence beyond its borders.

“And yet, despite all this, we believe the severity of the risk facing the UK is being widely underestimated.”

Speaking at the NCSC’s headquarters in London, he will say: “There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cyber criminals.

“The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve.”

The NCSC’s report described Russia as a “capable, motivated and irresponsible threat actor in cyberspace” and through its actions in Ukraine Mr Putin’s government is also inspiring “non-state threat actors” not officially linked to the Kremlin to carry out cyber attacks against critical national infrastructure.

Chinese hackers such as the Volt Typhoon group had targeted US infrastructure and “could be laying the groundwork for future disruptive and destructive cyber attacks” while in the UK Beijing-linked groups are believed to have targeted MPs’ emails and the Electoral Commission’s database.

The report also warns that Iran “is developing its cyber capabilities and is willing to target the UK to fulfil its disruptive and destructive objectives” while North Korean hackers were targeting cryptocurrency to raise revenue and attempting to steal defence data to improve Pyongyang’s internal security and military capabilities.

The NCSC also believes that UK firms are almost certainly being targeted by workers from North Korea “disguised as freelance third-country IT staff to generate revenue for the DPRK regime”.

The report highlights major incidents including the British Library hack in October 2023 and the Synnovis incident in June 2024, which saw a Russian gang carry out a ransomware attack which disrupted health services.

Mr Horne will say: “The attack against Synnovis showed us how dependent we are on technology for accessing our health services. And the attack against the British Library reminded us that we’re reliant on technology for our access to knowledge.

“What these and other incidents show is how entwined technology is with our lives and that cyber attacks have human costs.”

In all, 2023-24 saw the NCSC receive 1,957 reports of cyber attacks, 430 of which needed support from the centre’s incident management team, up from 371 the previous year.

Of these incidents, 89 were nationally significant, 12 of which were at the top end of the scale and more severe in nature, a threefold increase on last year.

The NCSC said: “The UK needs to wake up to the severity of the cyber threat.”

The report added: “The UK cannot underestimate the severity of state-led threats, or the volume of the threat posed by criminals.

“The resilience of critical infrastructure, supply chains and the public sector must improve. But so must our wider economy.”

The increasing availability of artificial intelligence (AI) can “increase the volume and heighten the impact of cyber attacks”, the report said.

Cabinet Office minister Pat McFadden said: “As this report shows, while AI presents huge opportunities, it is also transforming the cyber threat.

“Cyber criminals are adapting their business models to embrace this rapidly developing technology – using AI to increase the volume and impact of cyber attacks against citizens and businesses, at a huge cost.”