Security Minister urges UK businesses to strengthen cyber resilience as a top priority amidst rising threats

In a recent speech on 14 October 2025 at the launch event for the National Cyber Security Centre’s (NCSC) Annual Review 2025, Security Minister Dan Jarvis called on UK business leaders to take urgent action to bolster their cyber resilience. The Minister warned that “cyber crime is one of the greatest threats to our economy, to our businesses, to the livelihoods of our workers” and that while the Government is providing more cyber security support than ever, there must be joint responsibility when it comes to combating this threat. Jarvis explained that this involves the private sector making cyber security a top priority and individual citizens stepping up to take personal responsibility for their cyber safety.

The speech forms part of the Government’s wider National Cyber Strategy, which aims through the NCSC to make the UK “the safest place to live and work online.” This comes amidst an alarming growth in cyber attacks on businesses and national infrastructure including Jaguar Land Rover, Marks & Spencer and the NHS. In the last year alone, the National Cyber Security Centre handled over 200 ‘nationally significant’ cyber incidents (up from 89 in the previous 12 months) where essential services were disrupted, or national security compromised. These were incidents which – in the most extreme cases – could have led to major economic consequences or loss of life. 

Notably, a substantial proportion of all incidents handled by the NCSC last year were linked to Advanced Persistent Threat (APT) actors - either nation-state actors or highly capable criminal groups. 

How is the Government supporting businesses

The Government, through the NCSC, already provides a number of tools to help support and prepare UK businesses against cyber attacks. These apply to businesses of all sizes from SMEs to larger corporations and include:

1. A new Cyber Action Toolkit - launched on 14 October 2025 to empower sole traders and small businesses to take their first steps towards cyber protection and put secure foundations in place (see Cyber Toolkit).

2. The ‘Cyber Essentials’ certification scheme - to evidence that your organisation has taken measures to protect itself from common cyber threats and provides automatic cyber liability insurance to UK organisations which certify their whole organisation and have less than £20 million annual turnover.

3. The ‘Early Warning’ service - giving over 13,000 organisations free access to information on potential cyber attacks.

4. NCSC’s ‘Takedown Service’ - which has successfully removed over 1.2 million phishing campaigns from the internet with over half being taken down in the first hour following detection.

Security Minister’s plea to businesses

Jarvis reiterated the importance of collaboration between the Government and industry, noting that the Government cannot do it alone.

The Minister confirmed that a letter has been sent to the chief executives and chairs of leading businesses – including all FTSE 350 companies highlighting the very real cyber threat to businesses and how investing in cyber security could present an opportunity for businesses to invest in their reputation, stability and growth.

The cyber attack affecting Synnovis last June, which resulted in a £32 million loss and the postponement of over 11,000 medical appointments, underscores the devastating financial and reputational consequences of a cyber attack.

Jarvis emphasised the need for cyber security to be treated as a board-level priority and that for too long “cyber security has been the concern of middle management … and only gets escalated to the seniors in a crisis.”

Key takeaways for businesses:

1. Cyber threats are escalating, and all organisations are potential targets. Organisations need to recognise that a breach is a question of ‘when’, not ‘if’.

2. Leadership engagement is critical – cyber security should be treated as a strategic priority and embedded into board-level governance and decision-making.

3. Collaboration with government bodies, such as the NCSC, can provide valuable support and guidance.

4. Adopting recognised frameworks, such as Cyber Essentials, can help mitigate risks and demonstrate commitment to best practice.

Comment

Jarvis’ call to action highlights the dynamic and fast-evolving nature of cyber threats and the shared responsibility of the Government and businesses to protect the UK’s economy. The message is clear that cyber resilience is an urgent priority at both the organisational and national level. By taking proactive steps now, organisations can mitigate the risks of costly breaches and contribute to national security resilience.

For advice on how to protect your organisation and build resilience against cyber attacks, please contact Hamish Corner, Madelin Sinclair McAusland, Amanda Leiu, Justin Barrow or a member of Burges Salmon's Commercial & Technology team. 

This article was written by Fraser Campbell and Amanda Leiu.