SecurityWorldMarket

28/10/2025

UK Government urges business to act now on cyber risks

London, UK

Earlier this month at the launch event for the National Cyber Security Centre's 2025 Annual Review, UK Government Security Minister Dan Jarvis gave a speech saying it is vital for business to take action now against cyber security risks.  He warned against complacency and highlighted that the technology and services we take for granted every day can be used against us. 

At the same time, the Security Minister also sent out a letter to all companies in the FTSE100 and FTSE250, as well as a number of other leading UK firms urging businesses to make cyber security a board priority.

In his speech at the event Mr Jarvis said, "We have seen – especially over the last couple of months – just how devastating these attacks can be. Marks & Spencer, The Co-Op and – of course – Jaguar Landrover are just some of the high street names which have been targeted by cyber attacks already this year. Behind each of those names are hundreds of employees, thousands more in their supply chain and millions of customers that rely on those goods and services.

The letter explains that hostile cyber activity in the UK is growing more intense, frequent and sophisticated, and that there is a direct and active threat to UK economic and national security which requires an urgent collective response.

According to Jarvis, the government is taking significant action to counter the cyber threat and has developed tools to help businesses to defend themselves, but he urges that the government cannot do this without help from the business community.  The letter urges CEOs and chairs of other leading UK companies to take the necessary steps to protect their business and the wider economy from cyber attacks.

Against this backdrop the government brings three specific requests which its says will have an immediate positive impact on cyber resilience to cyber attacks:

  • 1. Make cyber risk a Board-level priority using the Cyber Governance Code of Practice - Effective governance of cyber risk is fundamental to business resilience. Executive and nonexecutive directors should prioritise this and ensure it is considered in strategic decision-making.
  • 2. Sign up to the NCSC’s Early Warning service - Early Warning is a free service from the government’s National Cyber Security Centre which informs an organisation of potential cyber attacks on its network, which can give invaluable time to detect and stop a cyber incident before it escalates.
  • 3. Require Cyber Essentials in your supply chain -  Supply chain cyber attacks are increasing, yet just 14% of UK businesses assess the cyber risks posed by their immediate suppliers.

Cyber Essentials is a highly effective government-backed scheme which certifies that organisations have key cyber protections in place to prevent common cyber attacks. It is the minimum cyber security standard businesses should seek to obtain. Organisations with Cyber Essentials are 92% less likely to make a claim on their cyber insurance. The government already requires most of its suppliers to meet Cyber Essentials standards.

Finally, Dan Jarvis concludes in the letter. "Strengthening our nation’s cyber resilience requires close collaboration between government and industry. Our forthcoming Cyber Security and Resilience Bill will increase protections for essential and digital services. Whether or not your business is in scope, the NCSC’s Cyber Assessment Framework (CAF) can also be used to improve cyber resilience for your most critical services. Them three actions described above remain essential and can help achieve outcomes in the framework."

The three actions are based on learnings from previous attacks.  For smaller businesses, there is a free Cyber Action Toolkit available to help protect against cyber threats.


Tags
News from the startpage
Go to "Business News"  

Product Suppliers
Change market
Global North America Middle East United Kingdom Sweden Norway Denmark
Back to top