4주차｜기술·ICT·정보보안_강미현

[강미현]

Annual Review 2025 launch

Speaker: CEO Richard Horne (영국의 국가사이버안보센터 소속)

Date: 14 October 2025

Link: https://www.ncsc.gov.uk/speech/annual-review-2025-richard-horne-speech

Glossary

1. Incident Management team - 사고 대응팀, 사고 관리팀

2. NCSC (National Cyber Security Centre) - 영국 국가사이버안보센터

3. ‘highly significant' - 고위험

배경지식

1. 이 연설은 NCSC라는 국가 사이버 안보 책임 기관의 시각에서, 사이버 위협을 단순한 기술 문제가 아닌 국가 안보와 공공 안전의 문제로 다룬다.

2. 최근 사이버 공격은 전 산업을 대상으로 하며 성공률은 낮지만, 일단 발생하면 경제·조직·개인에게 심각한 피해를 주는 방향으로 진화하고 있다.

3. 핵심 메시지는 대비 여부가 피해의 크기를 좌우하므로, 모든 조직이 사전 대응 계획을 갖추고 지금 즉시 행동해야 한다는 경고이다.

Script

Last year, I spoke to you about the widening gap between the rising pace of the cyber threat and the UK’s collective resilience in facing that threat.    

This year, that gap continues to grow.   

So today, my message is simple: the time to act is now.  

Over the past few weeks and months we have seen household names impacted by cyber incidents across all sectors of the economy… from retail to manufacturing and transport.  

And those are just the incidents that have made the headlines.

While you may be able to recall a handful of specific stories... in the twelve months to the end of August this year, our Incident Management team was asked to support some 429 cyber incidents.    

When we dig into those numbers, nearly half of all incidents that have crossed our desks have been of national significance.

Meaning that, on average, the NCSC has dealt with four nationally significant incidents a week.

And 18 were classed as ‘highly significant’,     

Attacks which have a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy.     

That is a 50% increase on the previous year, and a marked increase for the third consecutive year. 

Now it would be easy to look at these numbers, and think we’re under siege, that we should hold up our hands and admit defeat... but that is not the case.   

We know that far far more cyber attacks fail than succeed.

That is not by chance.   

It’s because organisations have built good defences.  

We are also seeing more organisations able to continue in the face of an attack that does break through because they were prepared.

It can be done.  

But we do see our attackers improving their ability to cause real impact…to inflict pain on the organisations they have breached and those who rely on them. 

They don’t care who they hit or how they hurt them

That is why we need all organisations to act.  

Cyber attacks are not just a matter of computers and data.    

They impact growth, prosperity, safety, national security, reputations, operations, bottom lines, lives and livelihoods. 

As the CEO of a major UK retailer has said, there is nothing that can fully prepare you for the moment a cyber incident unfolds and you receive that phone call.   

But worse than receiving that call is receiving it when you do not have a plan.

I’ve sat now in too many rooms with individuals who have been deeply affected by cyber attacks against their organisations.

I’ve seen the emotional impact written across their faces.

I know the impact the disruption has on their staff, suppliers and customers, the worry, the sleepless nights. (441)