Ministerial Letter on Cyber Security

by Marcus Liu - Business Editor
0 comments

70 Whitehall
London
SW1A 2AS

13 October 2025

Dear CEO / Chair,

Making cyber Security a Board Responsibility

Antagonistic cyber activity in the UK is increasing in intensity, frequency, and sophistication. This is causing significant financial and social harm to UK businesses and citizens. There’s a direct and active threat to our economic and national security, and it requires an urgent collective response.

The government is taking significant action to counter the cyber threat and has developed tools to help businesses defend themselves. But we can’t do this alone. We ask you, and the CEOs and chairs of othre leading UK companies, to take the necessary steps to protect your business and our wider economy from cyber attacks. Cyber resilience is a critical enabler of economic growth,so getting this right will promote growth and foster a stable environment for investment and innovation.

Recent high-profile cyber incidents demonstrate how attacks can seriously disrupt operations and damage profitability. In today’s increasingly hostile landscape,organizations recover better from incidents when they’ve planned for the worst and rehearsed their business continuity and recovery plans.

With that in mind, we have three specific requests that will promptly improve your resilience to cyber attacks:

1. Make Cyber Risk a Board-Level Priority Using the Cyber Governance Code of Practice

Effective governance of cyber risk is basic to business resilience. Executive and non-executive directors should prioritize this and ensure it’s considered in strategic decision-making.

The government’s Cyber Governance Code of Practice, developed with industry leaders, outlines critical actions boards and directors should take to govern cyber risk effectively. We urge you and your Board to use this Code to ensure your organization is sufficiently protected. The Code is supported by free training, which we encourage all Board members to complete to strengthen their oversight.

Not all cyber attacks can be prevented. A critical part of good governance is rehearsing how you would…

Related Posts

Leave a Comment