‘Nationally significant’ cyber attacks double since last year, security chief warns

The number of “nationally significant” cyber attacks in the last eight months has doubled on the same period a year ago, a security chief has warned.

Richard Horne, chief executive of the National Cyber Security Centre, said that the agency had dealt with 200 incidents since September 2024, including twice as many causing widespread disruption as the same period last year.

Speaking at the CyberUK conference in Manchester on Wednesday, Mr Horne warned that adversaries were “probing for weaknesses” and operating daily in a grey area “between peace and war” to pursue geopolitical goals.

Russia will continue to target Ukraine and supporting countries with digital espionage in order to gain strategic ground in ceasefire negotiations, he said, while the UK faces further threats from Iran, China and North Korea.

The intervention comes after a wave of cyber attacks on high-profile British retailers including Harrods, Marks and Spencer and the Co-op Group in recent weeks.

In a speech to business chiefs and tech experts, Mr Horne said: “In just the last few weeks, we have seen the very real impacts that cyber attacks can have and the kind of disruption they can cause for both businesses and individuals alike.

“The threat picture is diverse and dramatic – at the NCSC we’ve managed more than 200 incidents since September last year.

“This includes twice as many nationally significant incidents as the same period a year ago.”

Mr Horne said that behind the attacks were “our adversaries”, warning that “hostile nation states have weaponised their cyber capabilities.”

“While they might not be using them in pursuit or support of direct conflict, some are operating daily in the grey zone, that murky space between peace and war where states and non-state actors engage in competitive activity.”

While Beijing remains the “pacing threat” in the cyber realm with the Chinese Communist Party’s “vast ecosystem” of legislation and data, Moscow has been using criminal proxies to focus on acts of sabotage, he said.

“With our partners in MI5, including the National Protective Security Authority, we see a direct connection between Russian cyber attacks and physical threats to our security,” Mr Horne warned.

“These threats are manifesting on the streets of the UK against our industries and our businesses, putting lives, critical services and national security at risk.

“And so the role of our community is therefore not just about protecting systems, it’s about protecting our people, our economy, our society from harm.”

He added: “Today, I can say for the first time, based on our assessments, that as we move closer to the possibility of a ceasefire in the Ukraine conflict it is almost certain that Russia will continue its wider cyber espionage activity against Ukraine and supporting countries to gain strategic advantage in its negotiation strategy.”

Meanwhile, UK firms are being targeted by IT workers in the North Korean system to raise revenue for the country’s regime and Britain also faces a heightened threat of espionage from Iran, he said.

Mr Horne said the NCSC, which is a part of the UK’s GCHQ spy agency, is able to gather intelligence about what adversaries are doing and an act on it at pace to disrupt hostile activity.

But he said cybersecurity must be something that “we all need to do together” to “ensure our collective success”.

“We cannot control everything, but we must control the things that we can and be prepared for the things we can’t,” Mr Horne said.

Meanwhile, Chancellor of the Duchy of Lancaster Pat McFadden warned that Government systems are not “bombproof” and remain in need of modernisation.

Speaking at the conference, the senior Cabinet minister said: “I can’t stand here this morning and tell you that the Government systems are bombproof. This is not the case.

“We have new systems built on top of legacy systems and we are doing everything in our power to modernise the state and to upgrade these core systems but the Government and the country as a whole has to take this seriously if we are going to do it securely in the future.”

Mr McFadden said the cyber attacks in recent weeks should be a “wake-up call” for British businesses as he announces a £16 million package to boost defence at home and abroad.

The Government has unveiled measures aimed at reinforcing systems against attack, including driving investment into CHERI, a “magic chip” that builds advanced memory protections in microprocessors.

Some £4.5 million will be spent helping firms bring the technology, which can block up to 70% of common cyber attacks, to market, the Cabinet Office said.

A new software security code of practice will also be published on Wednesday, outlining essential steps the Government believes every organisation developing or selling software should be taking to secure their products.

An extra £7 million for Britain’s Laboratory for AI Security Research will be confirmed, along with investment of £8 million in Ukrainian cyber defences and more than £1 million to “protect Moldovan elections”.

Mr McFadden said cyber would also be a prime target for economic growth in the Government’s upcoming industrial strategy.

“There is enormous potential for cyber security to be a driving force in our economy – creating jobs, growth and opportunities for people. It’s already a sector on the up – with over 2,000 businesses across the UK,” he said.

“It is going to be a significant commitment, a vote of confidence in your sector, and one that will tell the world: the UK plans to be a global player in cybersecurity for decades to come.”