Boards are to be asked to sign a new Cyber Resilience Pledge in a bid to raise security standards in the country’s companies, at a time experts say the UK is facing a “perfect storm” of threats.

Companies signing the pledge will have to: show they’ve made cybersecurity a “board level” responsibility; register for the early warning service run by the National Cyber Security Centre (NCSC); and apply the Cyber Essentials certification across supply chains.

The pledge was launched at the CYBERUK conference in Glasgow this week. Cybersecurity minister Baroness Lloyd of Effra said she had written to 200 business leaders in the UK calling on them sign up.

“The cyber threat facing UK business is serious, growing and evolving fast,” she said. “AI is giving attackers capabilities that would have seemed extraordinary just a year ago, and no organisation can afford to be complacent.”

She added: “The three actions we’re asking companies take are practical, achievable and are proven to work—there is no good reason not to act.

“Cyber resilience isn’t just a technical issue; it’s a board responsibility, and we’re asking every boardroom in Britain to prove they treat it as one.”

AI-powered defence

At the conference, security minister Dan Jarvis said the government would call on AI companies to work with it to build defence capabilities powered by artificial intelligence.

Jarvis said: “Today I’m making a call to action for leading AI companies and UK innovators to work with the UK government to build AI cyber defence capabilities.

“We’ve already made the UK a top destination for AI investment and want to take this a step further in a generational endeavour to protected the UK from a new era of threats.”

At the same conference, Richard Horne, chief executive of the NCSC, said the advent of AI and geopolitical conflict has created a “perfect storm” of threats for the UK, creating “tumultuous uncertainty”. This means “cyber security is the responsibility of everyone, whether they sit on the board or the IT help desk … cybersecurity is part of their mission.”

There have been growing concerns about cybersecurity at companies in the UK. The NCSC now estimates the majority of attacks come from national actors. Last year, Jaguar Land Rover was hit by an attack thought to be the largest of its kind in UK history costing an estimated £1.9bn.

It was not the only high-profile attack on a company. Marks & Spencer was also hit in an attack estimated to have cost £100m in retail sales.

Earlier this year, MPs briefly considered mandating a formal boardroom responsibility for cybersecurity as part of ongoing discussions of a new cybersecurity and resilience bill. However, ministers said at the time the issue would be covered by a consultation looking at secondary legislation.