Skip to content
The Security Minister, Dan Jarvis, has urged business leaders to act now to strengthen their cyber resilience, warning that cybercrime is one of the biggest threats facing the UK economy.
Speaking at the launch of the National Cyber Security Centre’s (NCSC) 2025 Annual Review, he reminded businesses that cyber security is no longer just a technical issue – it’s a board-level one.
A growing threat
The numbers tell the story. The NCSC handled more than 200 serious cyber incidents in the past year – more than double the previous year. These are the types of incidents that can disrupt essential services, cause financial damage, or even threaten national security.
Big names like Marks & Spencer, The Co-op and Jaguar Land Rover have all faced attacks this year. But Jarvis was clear that businesses of all sizes can be affected by cyber-attacks.
Tools to help businesses
The good news is that practical help is available. NCSC is expanding its support for businesses of all sizes.
- Cyber Action Toolkit: Designed to help sole traders and small firms take their first steps in protecting their systems and data.
- Cyber Essentials certification: A recognised badge showing that a business is protected against common threats. For small organisations (under £20m turnover), full certification also includes automatic cyber liability insurance.
- Early Warning service: Over 13,000 organisations now receive alerts about potential cyber-attacks, giving them valuable time to act.
- Takedown Service: Has removed over 1.2 million phishing campaigns, with half taken down within an hour.
Why this matters for business owners
For many businesses, cybersecurity is often treated as a low-priority issue until something goes wrong. Jarvis encouraged that this approach change. He said, “It’s not a case of if you will be the victim of a cyber-attack, it’s about being prepared for when it does happen.”
Beyond any immediate financial cost, reputational damage can last far longer. Customers, suppliers and investors increasingly want to know that the businesses they work with are taking security seriously.
It’s not just an IT issue
Jarvis’s speech revealed that government ministers and security chiefs have written a letter to the CEOs of all companies in the FTSE 100 and FTSE 250, as well as a number of other leading UK firms.
The letter requests that these businesses make cyber risk a Board-level priority and sign up to NCSC’s Early Warning service.
Interestingly, the letter also requests that these companies require Cyber Essentials in their supply chain. This is because supply chain cyber-attacks are increasing, but it appears that only 14% of UK businesses assess the cyber risks posed by their immediate suppliers.
What to do next
If your business hasn’t reviewed its cyber protections recently, now’s the time.
- Start with the basics: Visit the NCSC website and make use of the Cyber Action Toolkit.
- Consider Cyber Essentials certification: In view of the direction being encouraged, you may find that your customers start to expect that you hold this certification. You could also consider whether requiring it of your suppliers would benefit you.
The message for business owners from the Minister’s speech is simple: act now, not later. Cyber security isn’t just an IT issue – it’s part of protecting your livelihood, your team and your reputation.
