
UK Cyber Experts Warn of Weak Market Incentives

NCSC emphasised the urgency of addressing systemic vulnerabilities, and criticised the minimal regulatory pressure on vendors.

The UK's National Cyber Security Centre has called for a strategic shift in national cybersecurity policy, expressing frustration over the government's continued delay in enacting new legislation.

In a blog post co-authored by CTO Ollie Whitehouse and principal technical director Paul W., the agency warned that current market incentives fail to promote the development of secure technology. 

As reported by The Record, the NCSC emphasised the urgency of addressing systemic vulnerabilities, and criticised the minimal regulatory pressure on vendors.

Whitehouse argued that although secure products are technically achievable by 2025, commercial motivations to sustain them remain insufficient. Experts, including RUSI fellow Joe Jarnecki, noted that UK cybersecurity policy has historically favoured voluntary compliance over enforceable rules, allowing insecure practices to persist.

With no clear commitment from political leaders and critical legislation still pending, the NCSC's statement reflects growing concern over leaving cybersecurity largely in the hands of industry rather than enforcing accountability through law.


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
