We’re in a perfect storm, the CEO of the UK official NCSC (National Cyber Security Centre) Richard Horne suggested in a speech at the official annual CYBERUK event, this year in Glasgow.
The two forces of ‘rapid technological change and rising geopolitical tensions’ are creating ‘what feels like tumultuous uncertainty’, he said. Artificial intelligence, Quantum computing and other technologies are set to disrupt our world even faster. As for geopolitics, he repeated other officials that we ‘areโฏoperatingโฏin a space between peace and war. And let’s be clear, cyberspace is part of that contest.’
He summed up that ‘technology will continue its disruptive journey. Geopoliticsโฏwill continue to shape the cyber threats we face. Cyber security sits at the intersection of these forces, poweringโฏour growth, securing our society.’ He called for a ‘shared mission’, and a ‘culturalโฏshift’ so that everyone, whether they sit on the board or the IT help desk, ‘knows thatโฏcyber securityโฏis part of theirโฏmission’.
For the speech in full visit the NCSC website. For more about the event, visit https://www.cyberuk.uk/.
Comments
Graham Peters, managing director for government services at Arqit, says:ย โThe theme of this yearโs Cyber UK โ accelerating our cyber defences โ feels particularly relevant as organisations begin to get to grips with post-quantum cryptography (PQC). With the NCSC setting clear timelines for migration planning, for many the challenge is not what to do, but where to start. Recent moves by major technology providers such as Google and Cloudflare to bring forward their quantum security deadlines highlights the growing urgency to act.
โSome organisations are already underway with PQC migration programmes, others are just reaching the starting line, and many are still working out how to get going. The risk is that delaying planning will lead to higher costs and greater disruption later. The first step is understanding your current cryptographic landscape โ because you canโt plan a migration if you donโt know what you have.”
Dr Ric Derbyshire, Principal Security Researcher at Orange Cyberdefense, picked up Horne’s warning that ‘in, or near, a conflict situation, the UK would likely face hacktivist attacks at scale’. Derbyshire said: “Escalatory hacktivism is a phenomenon we are seeing in which groups align with state-backed narratives and contribute to their host stateโs hybrid warfare efforts. This trend is set to become more pervasive and more impactful.
“Weโve seen a diversification of attacks alongside a shift in strategic focus, with contemporary hacktivist groups moving towards targeting operational technology environments. Amid persistent geopolitical instability, we must be prepared for an increase in both the frequency and severity of attacks, especially against critical national infrastructure,where the cyber-physical impact is likely to be more consequential.
“The NCSCโs warning that the UK will likely face hacktivist attacks at scale must signal a shift for both industry and government. This is about societal resilience as much as cyber resilience. It will require stronger global collaboration, closer public-private coordination, and sustained legislative action, such as the Cyber Security and Resilience Bill, with a focus on protecting critical services and maintaining continuity in the face of disruption.โ
And Mike Maddison, CEO of the cyber security company NCC Group, said: โResilience is now being tested at the intersection of AI and geopolitical tensions. Weโve seen first-hand that there is no longer a clear distinction between cyber activity and national security, with nation states using cyber capabilities for disruption, influence and deterrence. As critical infrastructure and supply chains are largely owned and operated by the private sector, organisations now play a direct role in national security and must ensure they are resilient to minimise the impact of attacks – whether from cyber criminals or nation states.โ
โAI is accelerating cyber risk in both scale and complexity, and we advise our clients that underestimating this shift could quickly leave them exposed. Long-term national security now demands a far more deliberate approach – combining advanced technologies with strong human expertise, active board-level accountability and rigorous governance.โ
