At CYBERUK 2026, currently taking place at the SEC Glasgow (21st – 23rd April), Dr Richard Horne, the CEO of the National Cyber Security Centre, used his keynote speech to highlight the cyber security challenges created by rapid technological change dominated by Artificial Intelligence, alongside the need to prepare for migration to post-quantum cryptography. The conference is in its 10th anniversary year and has brought together attendees from industry, academia and government under the theme, ‘The next decade: accelerating our cyber defence’.
Horne described the current environment as a perfect storm for cyber security and said the UK cannot know precisely what an Artificial Intelligence-powered world will look like in 10 years’ time. He argued there is an opportunity for Artificial Intelligence to become a net positive for cyber defence, but said that outcome depends on embracing it, securing it and shaping it. He warned that adversaries will increasingly use Artificial Intelligence tools and said frontier Artificial Intelligence is rapidly enabling discovery and exploitation of existing vulnerabilities at scale. He linked that risk to persistent weaknesses such as technology products shipping with significant vulnerabilities, incomplete or slow patching, and the continued use of old legacy systems.
He also said the timing of a quantum computer being able to break the widely used cryptography relied on across society remains uncertain, but stressed that organisations can act now to be ready. The National Cyber Security Centre has published guidance setting out what organisations need to do over coming years to ensure successful migration to post-quantum cryptography, and Horne said major technology companies are already taking the first steps.
Separately, Liz Kendall, Secretary of State for Science, Innovation and Technology, and Dan Jarvis, Security Minister, wrote an open letter to business leaders about Artificial Intelligence cyber threats. The government recommended that organisations put cyber security at the top of leadership agendas, use the Cyber Governance Code of Practice for larger businesses and the National Cyber Security Centre’s Cyber Action Toolkit for smaller firms, adopt Cyber Essentials, extend those requirements across supply chains, and follow National Cyber Security Centre advice including signing up to the Early Warning Service for advance notice of potential cyber attacks.
