top of page
Search

CYBERUK 2026 Highlights


CYBERUK 2026, held in Glasgow at the SEC from April 21–23, 2026, marked a decade of the NCSC’s flagship event. Under the theme "The Next Decade: Accelerating Our Cyber Defence," the conference focused on the rapid evolution of AI, the closing window for post-quantum migration, and the shifting tactics of nation-state actors.


🛡️ Key Headlines & Major Announcements

1. Defending Against "Covert Networks" (China-Linked Threats)

The NCSC, alongside 15 international partners, launched a major new advisory on Day Two regarding China-linked threat actors.


  • The Threat: Actors are increasingly using "covert networks"—systems comprised of compromised home routers and IoT devices—to mask their origins and maintain persistent access to critical infrastructure.


  • IOC Extinction: A key warning was issued regarding "Indicator of Compromise (IOC) extinction," where traditional signs of a breach disappear as fast as they are discovered, requiring a shift toward behavioral-based defense.


2. The Post-Quantum "Squeeze"

A major talking point was the acceleration of post-quantum cryptography (PQC) timelines.


  • Window Shrinking: With the UK government’s 2028 cryptographic audit deadline approaching, and tech giants like Google and Cloudflare moving their own security deadlines forward to 2029, firms were warned that the time to act is now.


  • Harvest Now, Decrypt Later: Richard Horne (NCSC CEO) warned that nation-states are currently harvesting encrypted data with the intent to decrypt it once quantum computing matures.


3. Agentic AI & "Active Inertia"

The conference tackled the double-edged sword of Artificial Intelligence through several high-profile sessions:


  • Agentic AI: Discussions focused on whether autonomous AI agents are the only way to scale defense at the speed required to counter AI-driven attacks.

  • AI Achilles’ Heel: A closed-media workshop explored how AI models themselves are being hacked via prompt injection and data poisoning.


📊 Conference Highlights at a Glance

Feature

Details

Location

SEC, Glasgow (The 10th Anniversary venue)

Attendance

2,500+ delegates; 150+ exhibitors

Primary Theme

Accelerating defense for the next 10 years

Key Track

Resilience Plenary – Focused on engineering systems to survive compromises rather than just preventing them.

🔍 Notable Sessions & Tracks

  • Voices from the Breach: A series of invite-only sessions where victims of major cyberattacks shared raw, unfiltered lessons on recovery and communication failures.


  • Making Scotland a Hard Target: Highlighted Scotland’s specific initiatives in building a "cyber-resilient nation" as a blueprint for small-to-medium economies.

  • Tech Talks (Redefined): Formerly "Technical Masterclasses," these moved to a 600-seat auditorium to dive deep into the scientific approach to cyber security and empirical evidence for control efficacy.


📢 The CEO’s Warning

In his keynote, Richard Horne described the current era as one of "tumultuous uncertainty." He emphasized that while AI is a game-changer for detection, the "nationally significant" threats facing the UK still primarily stem from the geopolitical interests of China, Russia, and Iran. The message was clear: the next decade of defense cannot rely on the tools of the last decade.



 
 
 

Comments

bottom of page