UK government ministers have written to some of the country’s largest companies, urging them to shore up cybersecurity capabilities amidst a surge in high-profile attacks.
The letter, sent to the CEOs of all companies in the FTSE100 and FTSE250, as well as a number of other leading UK firms, calls on them to make cybersecurity a board responsibility.
Signed by technology secretary Liz Kendall, chancellor Rachel Reeves, business secretary Peter Kyle, security minister Dan Jarvis, and the heads of the NCSC and National Crime Agency, it points out that hostile cyber activity in the UK is becoming more intense, frequent, and sophisticated.
"The government is taking significant action to counter the cyber threat and has developed tools to help businesses to defend themselves, but we cannot do this alone," it reads.
"We ask you and the CEOs and chairs of other leading UK companies to take the necessary steps to protect your business and our wider economy from cyber attacks."
According to the letter, organizations should make cyber risk a board-level priority using the Cyber Governance Code of Practice and sign up to the NCSC’s Early Warning Service.
They should also implement Cyber Essentials and require it in their supply chain.
Notably, this certification scheme comes with an incentive: it includes automatic cyber liability insurance for any UK organization that certifies the whole organization and has less than £20 million annual turnover.
The advice comes as the National Cyber Security Centre (NCSC) revealed it dealt with a record 204 nationally significant cyber attacks in the year to September – more than twice as many as the 89 it handled in the previous 12 months.
n its latest Annual Review, the cyber agency said it dealt with 429 incidents in all, and that many were linked to Advanced Persistent Threat (APT) actors – either nation-state actors or highly-capable cyber criminal groups.
"The best way to defend against these attacks is for organisations to make themselves as hard a target as possible," said Dr Richard Horne, chief executive of the NCSC.
"That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now."
UK facing an onslaught of cyber threats
Over the last year, high-profile attacks have caused huge problems for firms including Marks and Spencer (M&S), the Co-op Group, Harrods, and Jaguar Land Rover (JLR).
As part of the NCSC report, Shirine Khoury-Haq, CEO of the Co-op Group, warned businesses to do all they can to avoid falling victim to the same fate.
"The attack has had a significant impact on me, my colleagues and on our members. I will never forget the strain it put on those people making it right, or the concern it has given our members, to whom I answer," she wrote.
"While the security of your systems will no doubt remain on your radar, please continue to account for the fact that the timing and nature of a cyber attack like this is unpredictable. New challenges will always emerge and threats to corporate infrastructures will never stop."
Backing up the government's advice, the NCSC is urging smaller firms to take action too. Its new Cyber Action Toolkit is designed to help sole traders and small organizations put in place some of the basic cybersecurity measures that help guard against the most common cyber threats.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- How to choose the best cyber vendor for your business
- The best online cybersecurity courses
- The ultimate guide to starting a career in cybersecurity
-
Alteryx names former Salesforce, Oracle strategist as new global technology alliances leadNews The former Salesforce and Oracle leader will spearhead Alteryx’s partner strategy as the vendor targets deeper ecosystem collaboration
-
Microsoft launches Fara-7B, a new 'agentic' small language model that lives on your PCNews The new Fara-7B model is designed to takeover your mouse and keyboard
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
