CFOtech UK - Technology news for CFOs & financial decision-makers
United Kingdom
NCC Group backs UK cyber resilience pledge at Downing

NCC Group backs UK cyber resilience pledge at Downing

Wed, 8th Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

NCC Group has signed the UK Government's Cyber Resilience Pledge and was among the founding signatories announced at a launch event in Downing Street.

The voluntary scheme asks organisations to take three steps: make cyber security a board-level responsibility, register for the National Cyber Security Centre's Early Warning service, and apply a risk-based approach to requiring Cyber Essentials certification across supply chains.

More than 60 businesses have backed the initiative across sectors including retail, financial services, media, utilities and technology. Other signatories named by the Government include M&S, Nationwide, ITV, Microsoft UK, Cloudflare, Deloitte, Accenture UK, Vodafone Group and VodafoneThree.

Developed by the Department for Science, Innovation and Technology, the pledge is aimed mainly at medium-sized and large organisations, though it is open to businesses of all sizes. It focuses on governance, accountability and supply chain controls as ministers push for wider adoption of basic cyber security practices.

Rising threat

The launch comes as cyber incidents remain a growing concern for British companies. Figures released alongside the initiative show that more than 5 million cyber crimes were committed against UK firms in the past year, while the National Cyber Security Centre handled 204 nationally significant incidents in the year to September, up from 89 a year earlier.

The economic toll is also significant. The average cost of a major cyber attack on a UK business is now close to £195,000, while the annual cost to organisations is estimated at £14.7 billion, excluding wider disruption across the economy.

Ministers and industry leaders are also highlighting the role of artificial intelligence in changing the threat landscape. While AI can help defenders identify risks, officials say it is also making it easier for attackers to find software weaknesses and produce exploit code more quickly.

For NCC Group, the move makes one of the UK's better-known cyber security consultancies an early backer of a government effort to push resilience beyond technical teams and into the boardroom. The first commitment requires signatories to implement the Cyber Governance Code of Practise and ensure all board members complete NCSC Cyber Governance Training.

The second commitment focuses on operational awareness through the NCSC's free Early Warning service, which alerts organisations to potentially suspicious activity on their networks. The third asks signatories to assess supply chain risk and decide where government-backed Cyber Essentials certification should be required.

Peter Vorley, Chief Commercial Officer at NCC Group, attended the launch on behalf of the company and said the measures reflected principles the business has supported for some time.

"It's a privilege to join government and industry leaders at 10 Downing Street to mark the launch of the Cyber Resilience Pledge. The initiative sends a clear signal that cyber resilience is now a strategic business priority, not just a technical concern.

As a signatory to the pledge, NCC Group is committed to putting its principles into practice. This includes continuing to strengthen cyber governance, embedding resilience at the highest levels of decision-making, and supporting stronger security standards across supply chains.

The actions set out in the pledge align closely with the principles NCC Group has long advocated for - stronger cyber governance, greater board engagement and a more resilient supply chain ecosystem. We welcome the Government's leadership in this area and look forward to supporting organisations as they strengthen their cyber resilience," Vorley said.

Early signatories are signalling to customers, investors and suppliers that cyber resilience should be treated as a core business issue rather than a narrow IT function, according to the Government. The emphasis reflects a wider policy shift towards assigning direct responsibility for cyber risk to company leadership.

Liz Lloyd, Cyber Security Minister, linked the scheme to the speed and scale of the current threat environment.

"As one of the first to sign the Cyber Resilience Pledge, NCC Group is sending a clear message to their customers, investors and supply chains that cyber resilience is a core part of how they do business.

The cyber threat facing the UK is serious, growing, and evolving fast because of AI. These first signatories are showing how the whole country needs to respond, by taking practical and achievable steps to bolster their cyber defences and secure everyone's growth and prosperity," Lloyd said.