UK Urges Firms to Sign Cyber Resilience Pledge
UK government invites companies to sign a Cyber Resilience Pledge requiring board-level cyber responsibility, NCSC Early Warning enrollment and Cyber Essentials, backed by £90 million.
The UK government is urging companies to sign a Cyber Resilience Pledge that will make cybersecurity a board-level responsibility, require enrollment in the National Cyber Security Centre’s (NCSC) free Early Warning Service and mandate Cyber Essentials certification across supply chains. The pledge is due to launch later this year and is aimed primarily at medium and large organizations, though businesses of all sizes are invited to participate.
Under the pledge, signatories would place cyber risk on board agendas, connect to the NCSC Early Warning Service to receive threat alerts and ensure suppliers meet Cyber Essentials standards. Ministers have written directly to some of Britain’s largest companies inviting them to sign up, and officials are urging other organizations to review the requirements and commit. The government has allocated about £90 million to help firms carry out the necessary cyber reviews.
The government presented the pledge as part of an effort to raise national cyber standards as threats change. The Cyber Security and Resilience Bill is progressing through Parliament following the King’s Speech. The government has also established an AI Security Institute to analyze frontier AI systems; the institute has examined models including Claude Mythos and GPT 5.5. Ministers warned that traditional cyber defenses alone are no longer sufficient because AI can increase the scale and speed of attacks.
Baroness Lloyd, the cybersecurity minister, urged businesses to step up and take practical action, describing the pledge as intended to strengthen defenses, protect customers and help keep the UK secure and competitive.
New government figures released alongside the pledge show the UK cyber sector expanded 11% last year to an estimated £14.7 billion. There were 438 new cybersecurity firms, bringing the total to 2,603, a 20% year-on-year increase. Dedicated cyber companies raised about £184 million across 47 deals in 2025. Employment in the sector now equals roughly 69,600 full-time roles, up about 3% from the previous year, and the sector’s gross value added reached approximately £9.1 billion, a 17% rise.
The government says the pledge’s requirements aim to reduce systemic risk from weaker third parties by ensuring basic security certification across supply chains and by giving companies faster access to threat information through the NCSC Early Warning Service. Officials have issued guidance and publications to support signatories, including a report on AI and cybersecurity for organizations that commit to the pledge. The government says the funding and materials will help firms meet the standards and improve resilience before incidents occur.
Ministers continue to encourage medium and large organizations to sign up and expect the pledge to be available for firms to join when it launches later this year.
