More than 60 businesses have signed a government-backed pledge to strengthen their cyber security as ministers seek to improve resilience against a growing volume of cyber attacks targeting the UK economy.
The Cyber Resilience Pledge, launched at 10 Downing Street on Tuesday, has attracted founding signatories including M&S, Nationwide, ITV, Microsoft UK, Cloudflare, Deloitte, Accenture UK and Vodafone. The initiative forms part of the government’s forthcoming National Cyber Action Plan, which aims to strengthen cyber resilience across both the public and private sectors.
The launch comes as cyber attacks continue to increase in scale and sophistication. More than five million cyber crimes were committed against UK businesses over the past year, according to government figures, while the National Cyber Security Centre (NCSC) handled 204 nationally significant incidents in the year to September, compared with 89 the previous year.
The government estimates that significant cyber attacks cost UK organisations £14.7bn annually, with the average major incident costing an individual business almost £195,000.
Ministers also warned that advances in artificial intelligence are changing the nature of cyber threats. While AI is improving organisations’ defensive capabilities, it is also enabling attackers to identify software vulnerabilities and develop malicious code more quickly and at greater scale.
Under the voluntary pledge, participating organisations commit to making cyber security a board-level responsibility, registering for the NCSC’s Early Warning service, and adopting a risk-based approach to requiring government-backed Cyber Essentials certification across their supply chains.
The initiative has been designed primarily for medium-sized and large organisations, although businesses of all sizes are able to participate.
The pledge will also support the government’s work with its strategic suppliers. More than 20 of the government’s 39 largest suppliers have joined the first group of signatories, with ministers encouraging further organisations to participate.
Technology Secretary Liz Kendall said cyber resilience had become a business issue rather than simply an IT concern, arguing that organisations needed to strengthen their defences as AI made attacks more sophisticated and easier to carry out.
The National Cyber Action Plan, due to be published later this year, is expected to set out further measures to improve the UK’s cyber resilience, including greater use of AI-powered security tools and closer collaboration between government and industry.