The UK government has launched a voluntary Cyber Resilience Pledge, attracting 60 organizations including Marks & Spencer, one of last year's most prominent cyberattack victims in the retail sector. Technology Secretary Liz Kendall announced the initiative on Tuesday, positioning it as a framework for treating cybersecurity as a board-level business imperative rather than solely an IT concern. The pledge requires no enforcement but serves as a public commitment to improved security practices.
Signatories agree to three core commitments: elevating cybersecurity to board-level responsibility, enrolling in the National Cyber Security Centre's Early Warning service, and encouraging their supply chains to obtain Cyber Essentials certification or equivalent baseline security standards. Kendall emphasized that cyberattacks disrupt services, expose customer data, and damage financial performance, with artificial intelligence making attacks both more sophisticated and easier to execute.
The signatory list includes major UK corporations such as Aviva, Fujitsu, London Stock Exchange Group, Mastercard, Morrisons, Vodafone, and Microsoft UK. Capita, the outsourcing giant recently fined by the Information Commissioner's Office for a 2023 ransomware attack exposing over 6 million records, also joined. The company disclosed another incident earlier this year involving a pension portal that exposed civil servant personal information.
Several notable absences raise questions about the initiative's reach. Co-op, Harrods, and Jaguar Land Rover, all victims of significant cyberattacks in the past year, did not sign the pledge. Jaguar Land Rover received a £1.5 billion government-backed lifeline to protect its supply chain following weeks of recovery from a cyberattack. Their absence does not necessarily indicate poor security posture, but highlights the voluntary nature of the commitment.
Security professionals should note that the pledge carries no enforcement mechanism beyond public perception. Organizations can demonstrate commitment to improved cybersecurity practices by signing the pledge, joining the NCSC Early Warning service, and requiring supply chain partners to meet baseline security certifications. The initiative represents a government effort to normalize board-level cybersecurity governance across UK businesses, though its effectiveness will depend on voluntary adoption and genuine implementation rather than regulatory pressure.
Source: https://www.theregister.com/security/2026/07/07/governments-cyber-pledge-lands-60-signatories-including-ms-and-somehow-capita/5267554


