top of page

'Businesses must take cyber threat more seriously'

Lindy Cameron, the new chief executive of the UK's National Cyber Security Centre, has set out her vision for the organisation.

The new head of the National Cyber Security Centre (NCSC) has urged businesses to take online crime more seriously.

Lindy Cameron was appointed as the agency's chief executive in October last year, succeeding Ciaran Martin who led its creation in 2016.

During a virtual speech for Queen’s University Belfast, she said: “The cyber security landscape we see now in the UK reflects huge progress and relative strength, but it is not a position we can be complacent about.

“Cyber security is still not taken as seriously as it should be, and simply is not embedded into the UK’s boardroom thinking.

“The pace of change is no excuse – in boardrooms, digital literacy is as non-negotiable as financial or legal literacy. Our CEOs should be as close to their CISO (chief information security officer) as their finance director and general counsel.”

To help businesses of all sizes boost their cyber defences, a network of Cyber Resilience Centres have been established across the UK.

Working alongside the NCSC, the centres - which are free to join - have been developed in partnership with the police, the private sector and academic institutions.

Setting out her vision for the NCSC – which is part of GCHQ – Ms Cameron said the UK must not be complacent in the face of developing threats and new challenges, having made "huge progress" over recent years.

“As our reliance on technology grows, it sadly also presents opportunities for those who want to do us harm online,” she warned.

“Ransomware remains a serious and growing threat, both in terms of scale and severity.

“You will have seen that earlier this week we published further practical guidance to the education sector after seeing a growth in ransomware attacks against schools, colleges and universities.

“Ransomware is not just about fraud and theft of money or data, serious as both are. It’s about the loss of key services and unenviable choices for unprepared businesses.”

Ms Cameron suggested that basic cyber-hygiene is as important a life skill as knowing how to wire a plug, saying “we’re all too aware that cyber skills are not yet fundamental to our education”.

She said: "We no longer need to prove the concept, but in what will be a challenging period of economic recovery, we need to change the dial on the outcomes we seek, and look much further ahead to the generational change that is needed.

“We need to ensure that the fantastic science and technology envisioned in the Integrated Review is protected from theft or acquisition by hostile states.

“We need to ensure that our critical infrastructure, which keeps the country working through thick and thin, is a hard target for those that would seek to disrupt it.

“We need to ensure that the ever-increasing amounts of data generated and processed by the internet services we use every day are properly protected and our privacy appropriately managed.

“We need to ensure that the next generation of commodity technologies don’t repeat the security mistakes of the past.

“We need to ensure that our adversaries – be they state or criminal, traditional or new – think twice before attacking UK targets. And we need to ensure that future generations are better equipped to deal with this complexity than any of their predecessors.”

The NCSC is the UK’s lead authority on cyber security, overseeing the response to cyber attacks and improving the cyber resilience of the UK’s national infrastructure.

Ms Cameron previously served as director-general of the Northern Ireland Office, as well as working at the Department for International Development (DfID), responsible for programmes in Africa, Asia and the Middle East, which included work in Iraq and Afghanistan.


The East Midlands Cyber Resilience Centre is non-for-profit and is Policing-led. We provide a range of affordable cyber resilience services with the very current knowledge and technical expertise from the UK's top university cyber talent. Our services help SMEs and therefore supply chain prepare and improve cyber resilience.

Sign up for FREE membership here.



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page