Cybercrime is no longer just an IT issue. It’s a threat to the UK economy, and it’s becoming a board-level priority.

That was the clear message from Security Minister Dan Jarvis at the launch of the National Cyber Security Centre’s (NCSC) 2025 Annual Review. His warning: businesses of all sizes need to strengthen their cyber resilience.

A rising threat

Over 200 serious cyber incidents were handled by the NCSC in the past year alone, more than double the year before. These aren’t isolated events. Attacks have affected businesses across all sectors, including household names like M&S, The Co-op and Jaguar Land Rover.

The reality is that cyber-attacks can cause major disruption, financial loss and reputational damage. And, while the headlines may focus on big brands, all businesses are vulnerable.

Support is available

The good news? There are tools available to help businesses take practical steps today:

• Cyber Action Toolkit: Designed to help sole traders and small firms take their first steps in protecting their systems and data.
• Cyber Essentials certification: A recognised badge showing that a business is protected against common threats. For small organisations (under £20m turnover), full certification also includes automatic cyber liability insurance.
• Early Warning service: Over 13,000 organisations now receive alerts about potential cyber-attacks, giving them valuable time to act.
• Takedown Service: Has removed over 1.2 million phishing campaigns, with half taken down within an hour.

Why this matters

Cyber security is no longer just a technical conversation, it’s a business-critical one. Financial loss is only part of the risk. The longer-term damage to customer trust, investor confidence and brand reputation can be far more costly.

Government ministers and security chiefs are now writing directly to CEOs of FTSE 100 and FTSE 250 firms, urging them to prioritise cyber risk at board level and join the Early Warning service. They’re also calling on companies to require Cyber Essentials certification in their supply chains, in response to the growing number of attacks via third-party providers.

What next?

If you haven’t reviewed your cyber security measures recently, now’s the time:

1. Start with the basics: Visit the NCSC website and make use of the Cyber Action Toolkit.
2. Consider Cyber Essentials certification: In view of the direction being encouraged, you may find that your customers start to expect that you hold this certification. You could also consider whether requiring it of your suppliers would benefit you.