NCSC chief warns future cyberattacks may not include option to pay ransom

Richard Horne, the chief executive of the National Cyber Security Centre (NCSC), has warned that the UK could face large-scale cyberattacks if it becomes embroiled in a geopolitical conflict. In a speech at the CyberUK conference in Glasgow, Horne stated that these attacks would likely be as sophisticated and impactful as the recent high-profile ransomware incidents, such as those affecting Marks & Spencer and Jaguar Land Rover. However, Horne noted that, unlike criminal ransomware, there would be no option to pay a ransom to facilitate recovery.

The NCSC chief highlighted that nation-states now account for the most significant incidents handled by the agency. As such, he described a perfect storm created by rapid technological change and rising geopolitical tensions, placing the UK in a space between peace and war where cyberspace is a key part of the contest. Horne urged both public and private sector organisations to embed "cybersecurity into their corporate missions." 

Speaking at the same event, Security Minister Dan Jarvis has called on AI companies to work with the government on strengthening national cyber defence. Describing the development of AI-driven security as a generational endeavour, Jarvis stated that this cooperation aims to build capabilities for protecting critical networks. These systems are intended to autonomously identify and resolve vulnerabilities at a speed and scale that exceeds human capacity. He noted that the initiative will test the limits of engineering and innovation while ensuring the resilience of the nation’s most vital digital infrastructure. 

Read NCSC press release, calling for organisations to implement additional cybersecurity safeguards.

Training Announcement: The BCS Foundation Certificate in Information Security Management Principles (CISMP) is an entry-level programme aligned with ISO/IEC 27001 and Cyber Essentials that examines the fundamental concepts, technologies and principles of information security management. It provides attendees with practical knowledge of key concepts and techniques in risk management, security operations, and technical, physical, and environmental security. In addition, CISMP addresses legal and regulatory requirements, business continuity and disaster recovery planning, and emerging technologies. Find out more.