UK firms sign Cyber Resilience Pledge amid rising AI threats

Major firms joined the Cyber Resilience Pledge as UK ministers warned of rising cyber threats.

Business and cybersecurity teams reviewing board-level cyber resilience and supply-chain security under the UK Cyber Resilience Pledge

The UK government has launched a voluntary Cyber Resilience Pledge, with more than 60 businesses and strategic government suppliers committing to strengthening their cyber defences.

Founding signatories include companies from retail, finance, media, technology and utilities, including M&S, Nationwide, ITV, Microsoft UK, Cloudflare, Deloitte, Accenture UK, Vodafone Group and VodafoneThree.

The pledge asks organisations to take three practical steps: make cybersecurity a board-level responsibility, register for the National Cyber Security Centre’s Early Warning service and take a risk-based approach to requiring Cyber Essentials certification across supply chains.

The government said the pledge is designed mainly for medium and large organisations, but is open to organisations of all sizes and sectors.

Signatories will be asked to publish a signed pledge letter and provide an annual update on progress.

The launch comes ahead of the government’s National Cyber Action Plan, which is expected to set out further cooperation with industry on cyber resilience in the AI era.

According to the government, cyberattacks cost UK organisations an estimated £14.7 billion a year, while the NCSC handled 204 nationally significant incidents in the year to September, up from 89 the previous year.

Officials also warned that AI is lowering barriers for attackers by helping them find software weaknesses, write exploit code and scale attacks more quickly.

Why does it matter?

The pledge elevates cyber resilience to board-level corporate governance, rather than treating it solely as an IT function. Its supply-chain focus is also important because major cyber incidents often spread through vendors, service providers and connected business partners. By linking the pledge to AI-enabled threats, the UK government is signalling that basic cyber hygiene, governance and supply-chain assurance remain essential even as attacks become faster and more automated.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!