NCSC urges boards to prioritise cyber resilience amid 130% rise
The National Cyber Security Centre has urged organisations to prepare for continued operations and rapid recovery in the event of a successful cyberattack, as new data reveal an increase in both the frequency and severity of major incidents.
The advice comes as the NCSC's latest annual review reported a 130% rise in nationally significant cyberattacks compared to the previous year, alongside calls for business leaders to prioritise cyber resilience as a board-level issue.
NCSC warning
The NCSC's recommendations highlight organisational reliance on IT infrastructure for essential services and daily operations. The warning stipulates that companies must plan not only for prevention, but also for maintaining basic services without digital support and for rebuilding systems rapidly if cyberattack defences are breached.
This heightened alert follows a pattern of damaging ransomware attacks and data breaches targeting public and private sector bodies over the past year, impacting supply chains and critical industries.
Gap between plans and readiness
Dan Lattimer, Area Vice President EMEA West at Semperis, emphasised that while many firms consider themselves prepared, actual response capabilities can fall short in practice.
"When businesses are hit by cyberattacks, resilience is the key to keeping operations running. Recently, Semperis research found a dangerous gap between organisations' perceived readiness and their real-world response capabilities. While 96% of companies say they have a cyber crisis response plan, seven in ten still experienced a material cyber event that halted critical business functions in the past year."
Lattimer highlighted issues such as uncoordinated processes, fragmented communication, and reliance on incompatible tools as contributing factors to poor real-world responses, regardless of documented plans. He acknowledged the government's guidance to keep physical or offline copies of response plans but argued that response speed and coordination remain vulnerable.
"Companies need a proper command centre for crisis management, ensuring they have the playbook, the training and the coordination needed to turn potential chaos into control when a cyberattack strikes," he added.
Board-level responsibility
Mike Maddison, Chief Executive Officer at NCC Group, stated that responding to these mounting threats requires active attention from company boards. Maddison welcomed the direct communication from government to senior executives, saying that business leaders must now regard cybersecurity as a matter of economic, not just technical, security.
"We strongly endorse the NCSC's call for cyber resilience to be treated as a Board-level priority and welcome the UK Government's decision to write directly to the CEOs and Chairs of major UK companies. This reinforces the critical message that business leaders must take responsibility for their organization's cyber posture."
Maddison noted that decisions currently made in boardrooms will determine the economy's resilience to future attacks, warning that explanations may soon be required not only for business stakeholders but for regulators and possibly the courts.
Supply chain and SME support
Maddison observed that increased risks and scrutiny are accompanied by new initiatives such as the Cyber Action Toolkit, aimed at supporting small and medium enterprises (SMEs), which may lack in-house cyber expertise and resources for advanced protections.
"SMEs are the backbone of our economy, yet many lack the resources for essential protections. NCC Group has long advocated for a national 'Digital Safety Net': Practical and proportionate support to help smaller organizations close this resilience gap," Maddison said.
The review also reiterated the need to address supply chain risks, with attackers increasingly targeting secondary providers to reach larger organisations. Maddison argued that true resilience depends on the ability to operate and recover from attacks, not just prevent them, and that organisations must map critical functions and recovery procedures as a priority.
Cross-sector cooperation
Maddison concluded that national resilience relies on coordinated, shared efforts across sectors. He pointed to collaborative initiatives such as Industry100 and CYBERUK as evidence of productive government-industry engagement, aimed at reducing threats to the UK's digital infrastructure.
With cyberattacks rising in number and complexity, the NCSC's call for action is seen as a timely reminder that every level of an organisation, from executives to operational teams, must be engaged in both preparation and response. The combination of technical investment, clear planning, and regular executive oversight is presented as crucial to maintaining both business continuity and national security.