UK Cyber Chief Issues Stark Warning: Cyber Risks Are Widely Underestimated

The UK is significantly underestimating the cyber risks it faces, according to a warning from Richard Horne, the new head of the National Cyber Security Centre (NCSC), during the agency’s annual review.

Horne, speaking for the first time since taking over at the NCSC (a part of GCHQ, the UK’s signals and cyber intelligence agency), is expected to adopt a more urgent tone in addressing the growing volume of cyber threats.

Despite years of evidence showing a steady rise in cyberattacks, the NCSC has not previously emphasised the severity of these threats. However, Horne plans to highlight the increasing gap between the sophistication of cyber-attacks and the UK's ability to defend itself.

Growing Gap Between Cyber-attacks & Security

“There’s a clear and widening gap between the exposure we face and the defences in place to protect us,” Horne is set to say, according to a preview of his speech. Hostile cyber activities, especially from Russian and Chinese actors, are growing in both complexity and intensity, yet many in British society do not fully grasp the danger.

The NCSC’s annual review revealed a record number of cyber incidents—430 in the last year alone, with 89 of these categorised as nationally significant. Although it remains unclear how many of these attacks were state-sponsored, the report confirmed that ransomware remains one of the biggest threats, with state-linked groups increasingly targeting critical infrastructure.

Businesses Need Proactive Cybersecurity Strategies

For businesses, especially those reliant on technology, this warning reinforces the need for stronger cyber defences. The rapidly evolving threat landscape underscores the importance of proactive cybersecurity strategies. Partnering with specialist recruitment agencies, like those focused on tech talent, is crucial for identifying the cybersecurity experts needed to safeguard critical systems and data. The need for highly skilled professionals to design, manage, and monitor secure networks is more urgent than ever.

Ransomware is particularly highlighted as an ongoing risk, with state-linked groups increasingly targeting the industrial systems that control national infrastructure. Two key vulnerabilities exploited by attackers in the past year, including one linked to attacks on Norway, serve as reminders that even the most advanced technologies are not immune to exploitation.

Horne’s message is clear: there is a widening gap between the threats the UK faces and its current defences. With state and non-state actors collaborating more frequently, and cyberattacks becoming harder to trace, boosting national cyber resilience is essential.

Cyber Essentials Certification “Chronically Low”

One area of concern is the low uptake of the NCSC's Cyber Essentials certification scheme. Despite millions of eligible UK businesses, fewer than 1% are certified, a “chronically low figure” as described by tech industry leaders. The review urges more organisations to take action, implement cybersecurity frameworks, and address vulnerabilities by recruiting and training the next generation of cybersecurity specialists.

For businesses seeking to protect their operations, this is a wake-up call. Cybersecurity cannot be an afterthought. The UK’s critical infrastructure, supply chains, public sector, and broader economy depend on robust defence strategies.

Prioritise Cybersecurity Recruitment

For those working with a specialist technology recruitment agency, now is the time to prioritise cybersecurity talent. KPI Head of Technology Hector Van Duesbury said, “As the threats increase in scale and sophistication, having the right specialists on board is essential to staying ahead of these evolving risks. Whether your organisation needs penetration testers, security analysts, or cybersecurity engineers, businesses need a recruitment partner with deep expertise in tech that can help you find the right professionals to defend against the next attack.”

“In this new era of cyber threats, securing top talent could be the difference between a costly breach and a resilient future.”