Government urges large enterprises to shore up defenses as NCSC warns UK faces four 'nationally significant' cyber attacks every week

UK government ministers have written to some of the country’s largest companies, urging them to shore up cybersecurity capabilities amidst a surge in high-profile attacks.

The letter, sent to the CEOs of all companies in the FTSE100 and FTSE250, as well as a number of other leading UK firms, calls on them to make cybersecurity a board responsibility.

Signed by technology secretary Liz Kendall, chancellor Rachel Reeves, business secretary Peter Kyle, security minister Dan Jarvis, and the heads of the NCSC and National Crime Agency, it points out that hostile cyber activity in the UK is becoming more intense, frequent, and sophisticated.

"The government is taking significant action to counter the cyber threat and has developed tools to help businesses to defend themselves, but we cannot do this alone," it reads.

"We ask you and the CEOs and chairs of other leading UK companies to take the necessary steps to protect your business and our wider economy from cyber attacks."

According to the letter, organizations should make cyber risk a board-level priority using the Cyber Governance Code of Practice and sign up to the NCSC’s Early Warning Service.

They should also implement Cyber Essentials and require it in their supply chain.

Notably, this certification scheme comes with an incentive: it includes automatic cyber liability insurance for any UK organization that certifies the whole organization and has less than £20 million annual turnover.

The advice comes as the National Cyber Security Centre (NCSC) revealed it dealt with a record 204 nationally significant cyber attacks in the year to September – more than twice as many as the 89 it handled in the previous 12 months.

n its latest Annual Review, the cyber agency said it dealt with 429 incidents in all, and that many were linked to Advanced Persistent Threat (APT) actors – either nation-state actors or highly-capable cyber criminal groups.

"The best way to defend against these attacks is for organisations to make themselves as hard a target as possible," said Dr Richard Horne, chief executive of the NCSC.

"That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now."

UK facing an onslaught of cyber threats

Over the last year, high-profile attacks have caused huge problems for firms including Marks and Spencer (M&S), the Co-op Group, Harrods, and Jaguar Land Rover (JLR).

As part of the NCSC report, Shirine Khoury-Haq, CEO of the Co-op Group, warned businesses to do all they can to avoid falling victim to the same fate.

"The attack has had a significant impact on me, my colleagues and on our members. I will never forget the strain it put on those people making it right, or the concern it has given our members, to whom I answer," she wrote.

"While the security of your systems will no doubt remain on your radar, please continue to account for the fact that the timing and nature of a cyber attack like this is unpredictable. New challenges will always emerge and threats to corporate infrastructures will never stop."

Backing up the government's advice, the NCSC is urging smaller firms to take action too. Its new Cyber Action Toolkit is designed to help sole traders and small organizations put in place some of the basic cybersecurity measures that help guard against the most common cyber threats.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

• How to choose the best cyber vendor for your business
• The best online cybersecurity courses
• The ultimate guide to starting a career in cybersecurity