UK’s leading bosses urged to act on protecting against cyber attacks

Bosses of the UK’s leading companies have been urged to take action to protect themselves from cyber attacks as the number of major incidents hit a record level.

Technology Secretary Liz Kendall called on chief executives to take “immediate action” following incidents hitting household names including Marks and Spencer, Co-op and Jaguar Land Rover.

The National Cyber Security Centre (NCSC) – part of GCHQ – dealt with 204 “nationally significant” attacks in the 12 months to the end of August 2025, up from 89 in the previous year.

The Government has now written to chief executives and chairs of leading businesses – including all FTSE350 companies –  highlighting the importance of government and bosses working together to protect the UK economy.

The letters, signed by Ms Kendall, Chancellor Rachel Reeves, Business Secretary Peter Kyle, security minister Dan Jarvis and the heads of the NCSC and National Crime Agency, calls on bosses to take “concrete actions” to manage cyber risks.

Ms Kendall said: “We’ve seen first hand the disruption caused by cyber attacks on major British companies, hitting their bottom line and putting jobs at risk.

“The Government stands ready to help, but cyber security is an issue that demands leadership both from chief executives and right across the boardroom.”

NCSC chief executive Richard Horne said: “Cyber security is now a matter of business survival and national resilience.

“With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.

“The best way to defend against these attacks is for organisations to make themselves as hard a target as possible.

“That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.”

Company bosses have been urged to make cyber resilience a board-level responsibility as recommended by the cyber governance code of practice, sign up for the NCSC’s early warning system and use the cyber essentials scheme to put protections in place across supply chains.

The NCSC has also launched a new cyber action toolkit to help sole traders and small firms put basic security measures in place.