Artificial intelligence, combined with geopolitical conflict, is creating a “perfect storm” of cybersecurity threats that will require “everyone” within an organisation to “maintain collective resilience,” according to the head of the UK’s cyber intelligence agency.

Richard Horne, chief executive of the National Cyber Security Centre (NCSC), will tell a conference today in Glasgow that organisations are facing a world of “tumultuous uncertainty”, which will mean that “cyber security is the responsibility of everyone, whether they sit on the board or the IT help desk… cyber security is part of their mission.”

He will go on to say that “organisations that do not focus on their technology base… as core to their prosperity… are no longer just naive but are failing to grasp the reality of today’s world.”

Horne will warn that, although the number of cyber-attacks remains steady, the “majority of the nationally significant incidents that the NCSC is handling now originated directly or indirectly from nation states.”

Last year saw massive cybersecurity breaches at major UK companies, including Marks & Spencer and Jaguar Land Rover.

In the case of the retailer, the attack is estimated to have cost £100m in lost sales.

In the carmaker’s case, factories around the world were shut down, turning the event into what is thought to have been the costliest cyber event in UK history, with an estimated price tag of £1.9bn .

Board oversight

Last year, MPs debated measures that would have mandated boards to “exercise oversight” of security for networks and IT.

Some MPs wanted the law included in a new cybersecurity and resilience bill, but government ministers said at the time that measures would be included in secondary legislation following consultations.

The bill will expand the number of organisations caught by the UK’s Network and Information Systems Regulations, which require the reporting of major incidents within 24 hours and give watchdogs new powers to identify “critical suppliers” to be subject to regulation.

Horne has issued warnings before. In the foreword to the NCSC’s annual review last year, he wrote that cybersecurity was “critical” to “business longevity and success”.

He added that for “too long cybersecurity has been regarded as an issue predominantly for technical staff.

“This must change. All business leaders need to take responsibility for their organisations’ cyber resilience.”