M&S amongst first companies to signal UK authorities’s resilience pledge
Excessive road retailer Marks & Spencer, which fell sufferer to probably the most high-profile cyber assaults of 2025 when its IT techniques had been compromised by the Scattered Spider gang, is among the many first signatories to the UK authorities’s Cyber Resilience Pledge, which formally launches at the moment.
The Cyber Resilience Pledge is the centrepiece of a wider Nationwide Cyber Motion Plan designed to lift cyber safety requirements throughout the nation, and over 60 companies, together with many strategic authorities suppliers, have signed on.
In doing so, they’ve dedicated to taking sensible steps to strengthen their cyber posture – together with bettering board-level oversight, implementing provide chain safety greatest follow throughout their organisations by requiring suppliers to certify to the Nationwide Cyber Safety Centre’s (NCSC’s) Cyber Necessities scheme, and making higher use of different NCSC instruments, equivalent to its Early Warning service.
“Right this moment, a few of Britain’s greatest companies are taking motion to strengthen their cyber defences and setting a strong instance for others to comply with,” mentioned expertise secretary Liz Kendall. “By signing this pledge, they’re exhibiting that cyber resilience is now not simply an IT subject – it’s a enterprise crucial.
“Cyber assaults can disrupt providers, put clients’ knowledge in danger and have an actual influence on the underside line. As A [artificial intelligence] makes these threats extra refined and simpler to launch, no organisation can afford to face nonetheless.
“That’s why we’re working with companies to assist them strengthen their defences,” she mentioned. “The steps on this pledge are sensible, achievable and confirmed to make a distinction. Right this moment’s signatories are main the way in which, and I encourage organisations throughout the UK to comply with their instance.”
The pledge is solely voluntary, and though it’s designed for bigger organisations, it’s also open to small and medium-sized enterprises (SMEs) of all stripes if desired, mentioned the federal government. Different signers thus far embrace accounting and consultancy giants Accenture and Deloitte, broadcaster ITV, constructing society Nationwide, tech corporations equivalent to Cloudflare, Microsoft and Vodafone, and trade physique TechUK.
Julian David, CEO at TechUK mentioned: “We now have lengthy held the view that cyber resilience is a vital enterprise and organisational enabler. It underpins our development, our financial safety, and the protection and safety of our individuals. With the common value of serious cyber-attacks to the UK economic system just lately estimated to be £14.7bn yearly – the equal of 0.5% of our GDP – it’s clear that cyber safety and resilience should be recognised as a management accountability and will now not be seen as an IT subject alone.
“We’re, subsequently, proud signatories of the federal government’s Cyber Resilience Pledge, committing to the sensible actions set out for our personal organisation in addition to persevering with to champion, extra extensively, accountability for cyber threat on the board stage,” he mentioned.
The NCSC additionally threw its weight behind the pledge, urging organisations of each measurement to urgently concentrate on their safety measures within the truth of such a rapidly-evolving risk panorama. It emphasised that regardless of the arrival of AI, elementary cyber hygiene measures stay largely unchanged.
The GCHQ-backed company mentioned the three core actions enshrined within the pledge had been achievable, sensible steps that if adopted at scale throughout the nation, would doubtless have a measurable influence on resilience throughout the economic system.
Plan of motion
In the meantime, work continues at Westminster on the broader Nationwide Cyber Motion Plan, which is able to ultimately set out precisely how the federal government will work with the expertise trade to guard the UK’s pursuits from cyber threats, together with investing in AI-powered defences, adopting different new, safe applied sciences, and bettering authorized cures for cyber offences, within the Nationwide Safety Invoice, which additionally contains reform of the outdated Pc Misuse Act of 1990.
The Division for Science, Innovation and Know-how has additionally been engaged on a Authorities Cyber Constitution alongside 39 strategic suppliers – all of which have been invited to signal the pledge as a primary dedication to bolstering resilience.

