.jpeg)
Companies should prepare to work without their IT systems at all, the UK’s cyber security chief has warned amid a surge in the number of hacks.
“Every organisation” should prepare for a potential attack including by planning for operating without technology, said Richard Horne, the chief executive of the National Cyber Security Centre.
The warning comes amid a drastic increase in the number of “nationally significant” cyber attacks, and hacks that have taken down M&S and Jaguar Land Rover, leaving them without key systems for weeks.
“From local coffee shops to providers of critical national infrastructure, every organisation must understand their exposure, build their defences and have a plan for how they would continue to operate without their IT (and rebuild that IT at pace) were an attack to get through,” Horne wrote in the foreword to a new report.
The National Cyber Security Centre (NCSC) - part of GCHQ - dealt with 204 "nationally significant" attacks in the 12 months to the end of August 2025, up from 89 in the previous year.
The Government has now written to chief executives and chairs of leading businesses - including all FTSE350 companies - highlighting the importance of government and bosses working together to protect the UK economy.
The letters, signed by Ms Kendall, Chancellor Rachel Reeves, Business Secretary Peter Kyle, security minister Dan Jarvis and the heads of the NCSC and National Crime Agency, calls on bosses to take "concrete actions" to manage cyber risks.
Ms Kendall said: "We've seen first hand the disruption caused by cyber attacks on major British companies, hitting their bottom line and putting jobs at risk.
"The Government stands ready to help, but cyber security is an issue that demands leadership both from chief executives and right across the boardroom."
NCSC chief executive Richard Horne said: "Cyber security is now a matter of business survival and national resilience.
"With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.
"The best way to defend against these attacks is for organisations to make themselves as hard a target as possible.
"That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now."
Company bosses have been urged to make cyber resilience a board-level responsibility as recommended by the cyber governance code of practice, sign up for the NCSC's early warning system and use the cyber essentials scheme to put protections in place across supply chains.
The NCSC has also launched a new cyber action toolkit to help sole traders and small firms put basic security measures in place.
Additional reporting by agencies
.jpg?trim=0,0,0,0&width=1200&height=800&crop=1200:800)
.jpeg)
English (US) ·