UK Firms Urged to Sign Cyber Resilience Pledge

The government is asking businesses across the UK to treat cyber security as an everyday responsibility, not a technical extra. In a new announcement on gov.uk, ministers said organisations should prepare for faster, more disruptive attacks, especially as AI tools make it easier for criminals to spot weaknesses and scale up scams, break-ins and service outages. That matters beyond company profits. When cyber defences fail, it is not only offices and inboxes that are hit. Energy networks, water systems, healthcare services and data centres can all feel the knock-on effect, which is why this story is really about public resilience as much as business risk.

At the centre of the plan is a new Cyber Resilience Pledge, due to launch later this year. The Department for Science, Innovation and Technology says organisations signing it will be asked to do three practical things: make cyber security a board-level issue, join the National Cyber Security Centre's free Early Warning Service, and expect Cyber Essentials certification across their supply chains.

**What this means:** cyber security is no longer something to leave with one overstretched IT team. The message from government is that leaders should own the risk, suppliers should meet a common baseline, and businesses should get warnings early enough to act before a bad day becomes a crisis.

Ministers have already written to some of the UK's biggest companies, asking them to commit, and the government says it is putting £90 million behind work to improve cyber resilience across the economy. That sounds sizeable, but the harder test will be whether organisations, especially smaller ones, have the time, staff and budget to turn a public pledge into routine practice. The same announcement says the Cyber Security and Resilience Bill will keep moving through Parliament after the King's Speech. The aim is to give stronger protection to critical national infrastructure and reduce disruption to services people rely on every day. If you have ever wondered what a cyber law is really for, this is the plain answer: keeping the lights on, the water running, appointments bookable and data available when people need them.

The figures published alongside the announcement help explain why ministers are talking so confidently about the sector. According to the government's cyber security sector analysis, UK cyber security revenue rose by 11% over the last year to £14.7 billion. The number of firms grew by 20% to 2,603, and the sector added 2,300 jobs. There is a useful lesson here. Growth in cyber security can be good news because it means more skilled work and more home-grown expertise. But it also tells you something uncomfortable: demand rises when threats rise. A bigger cyber sector is not proof that the country is safe. It is proof that protection has become a serious economic need.

That need is becoming more urgent because AI changes the speed of cyber attacks. Ministers say new AI models are lowering the barrier for criminals, helping them find vulnerabilities and carry out attacks at a scale that would have been far harder even a year ago. Government figures also say 43% of UK businesses experienced a cyber breach or attack in the past year, which is a reminder that this is not a distant problem affecting only giant companies. The government's AI Security Institute has been studying advanced models including Mythos and GPT 5.5 to understand their cyber capabilities. The wider point is easy to miss if you only read the headlines: old-style cyber defence, on its own, is no longer enough. Organisations need systems that can spot trouble quickly, limit damage and recover well, because prevention will not be perfect.

The UK is presenting itself as unusually prepared in this area. The announcement points to the AI Security Institute as a specialist body for testing frontier AI systems, while the National Cyber Security Centre, part of GCHQ, continues to publish practical guidance for organisations. Ministers are also encouraging chief executives to work with British cyber start-ups, including firms building memory-safe systems designed to reduce common software weaknesses. There is commercial momentum here too. The government says the number of UK firms offering cyber products or services for AI rose by 68% in 2025 compared with the year before. For readers trying to make sense of that figure, the message is simple: AI is not only creating new risks. It is also creating a new market in tools, testing and defensive services.

Cyber Security Minister Baroness Lloyd described cyber security as basic to growth, jobs and the resilience of everyday services. That is the government's case in one sentence: stronger defences protect the economy and the public at the same time. It is a fair argument, but it only works if organisations treat cyber resilience as a habit rather than a slogan.

**What this means for you:** if you work in a school, college, charity, local business or public service, this story is not really about Westminster language or ministerial letters. It is about who in your organisation owns cyber risk, whether you get early warnings, and whether the people you buy from meet basic standards. The Common Room test is a simple one: can your organisation take a hit, keep going and protect the people who depend on it?
