LONDON — Britain’s security agencies are grappling with the most “contested and complex” threat environment in decades, one of the country’s most senior spies warned on Wednesday.

Speaking at the cybersecurity conference Predict Europe, Anne Keast-Butler — the first woman to lead the cyber and signals intelligence agency GCHQ — said there had been a quadrupling of the most significant cyberattacks over the past year. (Predict Europe is organized by Recorded Future, The Record’s parent company.)

“How that is manifesting itself in cyberspace is with a significant uptick in the level of attacks that we are looking at,” Keast-Butler told the audience.

“So we saw over four times as many attacks to September as we saw in the year to the previous September — four significant incidents a week that our teams at the National Cyber Security Center are dealing with,” she said. “The threat landscape [is] one of the most contested and complex that I’ve seen in my national security career of 30 years.”

Those attacks are coming “from all sorts of dimensions,” she added, describing “states cooperating with each other” as well as technological disruption being powered by advances in artificial intelligence, and the barrier to entry lowering for criminals engaging in financially-motivated cyberattacks.

Ransomware remains the most acute threat, she said. A spate of incidents in Britain this year have affected the retail chains Marks & Spencer, the Co-op and the luxury store Harrods in London.

The threat posed by Chinese espionage has also dominated recent news coverage in Britain, particularly following the collapse of a trial against two parliamentary workers suspected of selling information to Beijing’s spies. Keast-Butler stressed that the challenge posed by China is not new, although the context it takes place in has changed.

“When I first stood up at Cyber UK a couple of years ago, I absolutely pointed to the cybersecurity threat that we see in the UK from the Chinese Communist Party, and in August — with us and other international partners again — we called out three Chinese companies for the role they were playing in getting into critical systems,” she said.

“So I don't think it is new, and it's certainly a thing that we have in GCHQ made sure we're pivoting our resource to be able to combat that very capable cyber actor. I think the thing that has changed is our collective exposure to the internet, the importance that data and technology plays in all of our lives,” she said.

Echoing the call to action by her colleagues at the National Cyber Security Center (NCSC), which is a part of GCHQ, Keast-Butler stressed that she aimed to use a series of high-profile cyber incidents in Britain to drive forward awareness about the threat and how the country could respond to it.

“It also has changed the nature of the conversation in public, and for me, that feels like a really good opportunity to land a message about this being the time to act. Because I think previously, a lot of this conversation has happened among experts who already know it’s time to act,” she said.

“We all know that there are far, far, far more attacks that get stopped than the ones we’re focusing on. The question is whether that good work is good enough for the pace of change.”.

She confirmed that GCHQ, alongside the British government, had written to hundreds of chief executives at leading British companies to urge them to make sure cybersecurity was a board-level focus.

“How much time and attention does [cybersecurity] get at board level? Who's on the board asking the right questions, how much influence do people have when it comes to difficult investment decisions?” she asked.

Speaking just as an independent monitoring centre released estimates that a recent cyberattack against Jaguar Land Rover, which effectively shut down the company and its suppliers for more than a month, cost the British economy £1.9 billion ($2.5 billion), Keast-Butler stressed it was critical for companies to have adequate contingency plans in place.

“However good all of us are, there will be attacks,” she said. “So what happens when that happens to your company? Have you really tested that, are your plans printed on paper somewhere in case all of your systems really go down? How will you communicate with each other if you’re completely reliant on the system that you shut down?”

Turning to artificial intelligence, Keast-Butler said it was in the agency’s DNA — “going back to Alan Turing” — and GCHQ, as well as staff at MI6 and MI5, each had access to large language models to help them with their work.

She described three priorities for using AI inside the agency — to boost productivity and free analysts up for higher-value work; to embed “secure by design” principles in new AI systems; and to understand how adversaries are exploiting the technology to enhance their attacks.

“Automation is really key. Where do you absolutely have to have a human in the loop, and where can you take humans out of the loop?” she asked.

GCHQ’s assessment is that those kinds of technological changes will overall provide a net benefit because “there are things that computers can spot, anomalies, that the human eye will miss.”

But the changes AI will drive in cybersecurity won’t be smooth and linear, she said: “It'll be bumpy, and there'll be some uneven bits where the bad guys get the upper hand, because of what they can do with new tooling that our ethical approach will have prevented us. 

“But we will get there.”