UK government ministers have written to some of the country’s largest companies, urging them to shore up cybersecurity capabilities amidst a surge in high-profile attacks.
The letter, sent to the CEOs of all companies in the FTSE100 and FTSE250, as well as a number of other leading UK firms, calls on them to make cybersecurity a board responsibility.
Signed by technology secretary Liz Kendall, chancellor Rachel Reeves, business secretary Peter Kyle, security minister Dan Jarvis, and the heads of the NCSC and National Crime Agency, it points out that hostile cyber activity in the UK is becoming more intense, frequent, and sophisticated.
"The government is taking significant action to counter the cyber threat and has developed tools to help businesses to defend themselves, but we cannot do this alone," it reads.
"We ask you and the CEOs and chairs of other leading UK companies to take the necessary steps to protect your business and our wider economy from cyber attacks."
According to the letter, organizations should make cyber risk a board-level priority using the Cyber Governance Code of Practice and sign up to the NCSC’s Early Warning Service.
They should also implement Cyber Essentials and require it in their supply chain.
Notably, this certification scheme comes with an incentive: it includes automatic cyber liability insurance for any UK organization that certifies the whole organization and has less than £20 million annual turnover.
The advice comes as the National Cyber Security Centre (NCSC) revealed it dealt with a record 204 nationally significant cyber attacks in the year to September – more than twice as many as the 89 it handled in the previous 12 months.
n its latest Annual Review, the cyber agency said it dealt with 429 incidents in all, and that many were linked to Advanced Persistent Threat (APT) actors – either nation-state actors or highly-capable cyber criminal groups.
"The best way to defend against these attacks is for organisations to make themselves as hard a target as possible," said Dr Richard Horne, chief executive of the NCSC.
"That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now."
UK facing an onslaught of cyber threats
Over the last year, high-profile attacks have caused huge problems for firms including Marks and Spencer (M&S), the Co-op Group, Harrods, and Jaguar Land Rover (JLR).
As part of the NCSC report, Shirine Khoury-Haq, CEO of the Co-op Group, warned businesses to do all they can to avoid falling victim to the same fate.
"The attack has had a significant impact on me, my colleagues and on our members. I will never forget the strain it put on those people making it right, or the concern it has given our members, to whom I answer," she wrote.
"While the security of your systems will no doubt remain on your radar, please continue to account for the fact that the timing and nature of a cyber attack like this is unpredictable. New challenges will always emerge and threats to corporate infrastructures will never stop."
Backing up the government's advice, the NCSC is urging smaller firms to take action too. Its new Cyber Action Toolkit is designed to help sole traders and small organizations put in place some of the basic cybersecurity measures that help guard against the most common cyber threats.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- How to choose the best cyber vendor for your business
- The best online cybersecurity courses
- The ultimate guide to starting a career in cybersecurity
-
Google wants to take hackers to courtNews You don't have a package waiting for you, it's a scam – and Google is fighting back
-
How cyber leaders can communicate with the boardIn-depth With the cost of cyber attacks clearer than ever before, how can CISOs use this data to convince boards that cybersecurity is worth the investment?
-
Google wants to take hackers to court
News You don't have a package waiting for you, it's a scam – and Google is fighting back
-
Laid off Intel engineer accused of stealing 18,000 files on the way outNews Intel wants the files back, so it's filed a lawsuit claiming $250,000 in damages
-
GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the openNews Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
-
When cyber professionals go rogue: A former ‘ransomware negotiator’ has been charged amid claims they attacked and extorted businessesNews The attackers are alleged to have demanded ransoms of up to $10 million
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
