Daniel - stock.adobe.com
M&S among first businesses to sign UK government’s resilience pledge
Marks & Spencer joins the likes of Accenture, Microsoft and Vodafone by committing to take practical steps to improve cyber standards through the government’s voluntary Cyber Resilience Pledge
High street retailer Marks & Spencer, which fell victim to one of the most high-profile cyber attacks of 2025 when its IT systems were compromised by the Scattered Spider gang, is among the first signatories to the UK government’s Cyber Resilience Pledge, which formally launches today.
The Cyber Resilience Pledge is the centrepiece of a wider National Cyber Action Plan designed to raise cyber security standards across the nation, and over 60 businesses, including many strategic government suppliers, have signed on.
In doing so, they have committed to taking practical steps to strengthen their cyber posture – including improving board-level oversight, implementing supply chain security best practice across their organisations by requiring suppliers to certify to the National Cyber Security Centre’s (NCSC’s) Cyber Essentials scheme, and making better use of other NCSC tools, such as its Early Warning service.
“Today, some of Britain’s biggest businesses are taking action to strengthen their cyber defences and setting a powerful example for others to follow,” said technology secretary Liz Kendall. “By signing this pledge, they are showing that cyber resilience is no longer just an IT issue – it is a business imperative.
“Cyber attacks can disrupt services, put customers’ data at risk and have a real impact on the bottom line. As A [artificial intelligence] makes these threats more sophisticated and easier to launch, no organisation can afford to stand still.
“That’s why we’re working with businesses to help them strengthen their defences,” she said. “The steps in this pledge are practical, achievable and proven to make a difference. Today’s signatories are leading the way, and I encourage organisations across the UK to follow their example.”
The pledge is entirely voluntary, and although it is designed for larger organisations, it is also open to small and medium-sized enterprises (SMEs) of all stripes if desired, said the government. Other signers so far include accounting and consultancy giants Accenture and Deloitte, broadcaster ITV, building society Nationwide, tech firms such as Cloudflare, Microsoft and Vodafone, and industry body TechUK.
Read more about UK cyber policy
- An FCA review of the use of artificial intelligence in retail finance follows MPs’ criticism of regulators.
- The UK’s national museums and galleries have failed to heed the lessons of high-profile cyber attacks and remain highly vulnerable. The Public Accounts Committee is calling on DCMS to do more to help.
- Amendment to the UK’s Cyber Security and Resilience Bill calls for the government to publish a ‘digital sovereignty strategy’ to promote domestic technology.
Julian David, CEO at TechUK said: “We have long held the view that cyber resilience is a critical business and organisational enabler. It underpins our growth, our economic security, and the safety and security of our people. With the average cost of significant cyber-attacks to the UK economy recently estimated to be £14.7bn annually – the equivalent of 0.5% of our GDP – it’s clear that cyber security and resilience must be recognised as a leadership responsibility and should no longer be viewed as an IT issue alone.
“We are, therefore, proud signatories of the government’s Cyber Resilience Pledge, committing to the practical actions set out for our own organisation as well as continuing to champion, more widely, accountability for cyber risk at the board level,” he said.
The NCSC also threw its weight behind the pledge, urging organisations of every size to urgently focus on their security measures in the fact of such a rapidly-evolving threat landscape. It emphasised that despite the advent of AI, fundamental cyber hygiene measures remain largely unchanged.
The GCHQ-backed agency said the three core actions enshrined in the pledge were achievable, practical steps that if adopted at scale across the country, would likely have a measurable impact on resilience across the economy.
Plan of action
Meanwhile, work continues at Westminster on the wider National Cyber Action Plan, which will eventually set out exactly how the government will work with the technology industry to protect the UK’s interests from cyber threats, including investing in AI-powered defences, adopting other new, secure technologies, and improving legal remedies for cyber offences, in the National Security Bill, which also includes reform of the outdated Computer Misuse Act of 1990.
The Department for Science, Innovation and Technology has also been working on a Government Cyber Charter alongside 39 strategic suppliers – all of which have been invited to sign the pledge as a first commitment to bolstering resilience.
