Privacy & Information Security Law Blog

On October 14, 2025, the UK government announced a coordinated effort by senior ministers and security officials to urge top UK businesses to improve their cybersecurity defenses. In a letter sent to all FTSE100 and FTSE250 companies, as well as other prominent UK businesses, officials emphasized the need for immediate and robust action to confront evolving cyber threats.

In the letter, the UK government stressed that cyber attacks are becoming increasingly more sophisticated and frequent, and have the potential to inflict substantial damage on UK businesses and the wider public. In the letter, the UK government suggests that cyber resilience is a critical enabler of economic growth and strongly encourages UK businesses to make cyber resilience a strategic priority to better protect themselves, their stakeholders, and the UK economy from escalating digital threats.

The UK government’s letter encourages organizations to take action in the following three areas to bolster their resilience against cyber attacks:

• Elevate Cyber Risk to Board-level Priority: Organizations are urged to integrate cyber risk management into strategic decision-making. In particular, the UK government encouraged organizations to use the Cyber Governance Code of Practice as a framework, and regularly plan and run exercises to ensure they can maintain operations and recover swiftly following a severe cyber incident.
• Enroll in the NCSC’s Early Warning Service: Organizations should sign up for the free National Cyber Security Centre (“NCSC”) Early Warning service, which provides registered organizations with alerts of potential cyber attacks on their network.
• Adopt Cyber Essentials Certification Across Supply Chains: Organizations are encouraged to require Cyber Essentials certification within their supply chains to ensure suppliers have sufficient cyber protections in place to guard against common attacks.

Read the press release here and the letter here.