UK Government Launches Cyber Resilience Pledge, Claiming 60+ Signatories

Written by

The UK government has claimed over 60 businesses have signed up to a new initiative designed to improve the cyber resilience of British organizations.

The Cyber Resilience Pledge was first trailed at the government’s CYBERUK conference in Glasgow in April, alongside a £90m ($120m) cash injection.

Signatories now include Marks & Spencer, Nationwide, ITV, Microsoft UK, Cloudflare, Deloitte LLP, Accenture UK and Vodafone Group, the government claimed.

Read more: UK Cybersecurity Market Expands to £14.7bn with Strong Growth in AI Security Firms

The voluntary scheme requires signatories to commit to:

  • Making cybersecurity a board-level responsibility, by implementing the Cyber Governance Code of Practice and ensuring all members complete the NCSC’s Cyber Governance Training
  • Registering for the NCSC’s free Early Warning alert service
  • Taking a “risk-based approach” to requiring Cyber Essentials certification across their supply chain 

The pledge is designed mainly for medium and large organizations. However, the hope is that they will be able to improve baseline security posture across a much larger swathe of businesses by forcing suppliers to sign up to Cyber Essentials.

Whether that actually happens has yet to be seen. Data released last year revealed that only around 35,000 organizations were signed up to the best-practice cyber framework, out of over five million businesses across the country.

Businesses with a turnover of under £20m ($27m) that are Cyber Essentials certified are entitled to free cyber-liability insurance, including professional incident response support, the NCSC has reminded firms in the past.

A Multi-Pronged Approach

The pledge is one of several initiatives the government is pressing ahead with to try and improve corporate cyber resilience.

A Cyber Security and Resilience Bill will introduce new requirements for certain critical national infrastructure (CNI) providers and a new Cyber Action Plan aims to enhance resilience and accountability across central government.

The Cyber Governance Code of Practice is another voluntary effort, designed to help board members govern cyber risk the same way they treat other core business risks.

As part of its Cyber Resilience Pledge, the government announced a Cyber Charter with its 39 strategic suppliers, which invites them to sign up to the pledge. So far, 20 have done so.

“As AI reshapes both the threats we face and our response to them, stronger board-level accountability and supply chain security are how the UK stays ahead,” said Microsoft UK CEO, Darren Hardman.

“Microsoft has been a cybersecurity partner to the UK government for more than 20 years, and we’re proud to sign the Cyber Resilience Pledge, using AI to help defend the UK’s critical national infrastructure, public services and businesses against cyber-attacks.”

Technology secretary Liz Kendall added that cyber resilience has moved from an IT matter to a business imperative.

“The steps in this pledge are practical, achievable and proven to make a difference,” she added. “Today’s signatories are leading the way, and I encourage organizations across the UK to follow their example.”

What’s Hot on Infosecurity Magazine?