UK’s Cyber Resilience Pledge gathers momentum as 60 firms sign up to bolster capabilities
The voluntary pledge sees organizations tightening up their defences, particularly against supply-chain attacks
The UK government said more than 60 businesses have signed up for its Cyber Resilience Pledge so far, including M&S, Nationwide, ITV, Microsoft UK, and Cloudflare.
Announced in May, the voluntary scheme sees businesses committing to three concrete actions to improve cybersecurity capabilities.
They must commit to making cyber security a board-level responsibility, by implementing the Cyber Governance Code of Practice and ensuring all board members complete the NCSC’s Cyber Governance Training.
They must also register for the NCSC’s free Early Warning service, a tool that alerts organizations to potentially suspicious activity on their networks, and commit to taking a risk-based approach to requiring the government-backed Cyber Essentials certification across their supply chain.
The pledge has been designed primarily for medium and large organizations, with other signatories including Deloitte, Accenture UK, Vodafone Group, and VodafoneThree, but is open to businesses of all sizes and from all sectors.
"Today, some of Britain’s biggest businesses are taking action to strengthen their cyber defences and setting a powerful example for others to follow. By signing this pledge, they are showing that cyber resilience is no longer just an IT issue - it is a business imperative," said technology secretary Liz Kendall.
"The steps in this pledge are practical, achievable and proven to make a difference. Today’s signatories are leading the way, and I encourage organizations across the UK to follow their example."
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Cyber Charter to beef up critical services
Alongside the pledge, the government has been developing a Cyber Charter for 39 companies designated as strategic suppliers for delivering critical services to the government.
These organizations have been invited to sign the pledge as an initial commitment to bolstering their cyber resilience, although so far only a little more than half have done so.
"We have long held the view that cyber resilience is a critical business and organizational enabler. It underpins our growth, our economic security, and the safety and security of our people," said Julian David, CEO of techUK.
"With the average cost of significant cyber-attacks to the UK economy recently estimated to be £14.7 billion annually – the equivalent of 0.5% of our GDP – it’s clear that cyber security and resilience must be recognised as a leadership responsibility and should no longer be viewed as an IT issue alone."
Pledge targets national resilience
Moves to bolster national resilience capabilities come amidst an increase in malicious cyber activity in the UK.
The National Cyber Security Centre (NCSC) recently confirmed it handled 204 nationally significant incidents in the year to September, up from 89 the year before.
The average cost of an attack on an individual UK business now stands at almost £195,000, with the annual cost to organizations estimated at £14.7 billion - and that’s in addition to the costs of wider economic disruption.
Last year, experts estimated that the attack on Jaguar Land Rover (JLR) cost the UK economy roughly £1.9 billion, making it the most costly cyber incident in British history.
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Hostile states behind three-quarters of UK critical infrastructure attacksNews NCSC CEO warns that with the rise of AI, the danger is only set to get worse
-
Goldilock Secure expands Irish channel presence through new Frame partnershipNews The agreement extends availability of the vendor's FireBreak technology as organizations face rising AI-driven cyber threats
-
NCSC urges organizations to shore up supply chain security practicesNews With attackers increasingly compromising open source packages to spread malware, organizations need to be on their guard
-
Russian hackers are weaponizing CRMs, Ukraine’s former foreign minister warnsNews Dr Dmytro Kuleba told IT leaders in London that everyday business software is being actively exploited by nation-states
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Wasabi ramps up EMEA channel push with focus on cyber resilienceNews The cloud storage vendor is expanding partner tools and integrations as AI-driven data growth and ransomware threats continue to rise
-
Why cyber resilience isn’t just a defence mechanism: How to create a secure foundation for innovation, tooSponsored Investing in a solid enterprise system that incorporates security by design lets you ensure business continuity while encouraging innovation at pace
-
UK government calls on firms to sign Cyber Resilience Pledge as security sector boomsNews With new figures showing a boom in the country's cybersecurity sector, the government calling on businesses to make the most of the industry’s expertise
