UK launches cyber 'lockdown' campaign as 80% of orgs face attacks
·5 min read
ListenUK launches cyber 'lockdown' campaign as 80% of orgs face attacks
0:00
2:28
Summary
UK businesses face frequent cyber incidents, yet most lack basic defenses. The government launched a campaign urging firms to adopt Cyber Essentials, as only 30% currently comply.
UK businesses face constant cyberattacks
The UK government launched a nationwide campaign today to force businesses to improve their digital defenses as new data reveals a massive gap in national cybersecurity. The latest Cyber Security Longitudinal Survey shows that 82 percent of UK businesses and 77 percent of charities experienced at least one cyber incident in the last year. These figures suggest that digital attacks are now a routine part of doing business in Britain. Officials are using the data to push a renewed adoption of the Cyber Essentials scheme, a government-backed certification designed to prevent the most common internet-based threats. The survey tracks the same organizations over several years to understand how their security postures change. It found that 54 percent of organizations reported the same frequency or impact of incidents across multiple years. This indicates that many companies are stuck in a cycle of vulnerability without making meaningful improvements to their infrastructure.Adoption of security standards remains low
Despite the high rate of attacks, only 30 percent of UK businesses currently follow the Cyber Essentials guidelines. While this is an increase from 23 percent in the previous study, it means seven out of ten companies still lack basic protections. Charities show similar struggles, with adoption rising from 19 percent to 28 percent. Ministers describe the Cyber Essentials framework as the digital equivalent of locking the front door. The government remains concerned that the gap between protected and unprotected firms is not closing fast enough to meet the rising threat level. The new public awareness campaign will target small and medium-sized enterprises (SMEs) through social media, podcasts, and radio. Officials want to dispel the myth that cybercriminals only target major corporations or high-value financial institutions.The five pillars of Cyber Essentials
The Cyber Essentials scheme focuses on five technical controls that can prevent the majority of "commodity" cyberattacks. These attacks typically involve automated tools that scan the internet for known vulnerabilities rather than targeting a specific company. The government urges all organizations to implement these five baseline protections:- Firewalls: Secure the internet connection by creating a buffer zone between the internal network and the public web.
- Secure configuration: Ensure that devices and software are set up to reduce vulnerabilities, such as changing default passwords.
- User access control: Limit access to data and services to only those who strictly need it for their job roles.
- Malware protection: Use up-to-date antivirus software and sandboxing to prevent malicious code from executing.
- Security update management: Apply software patches immediately to fix known bugs that hackers use to gain entry.
Small businesses are the primary targets
Cybersecurity minister Baroness Lloyd stated that no business is out of reach for modern cybercriminals. She emphasized that SMEs are particularly vulnerable because they often lack dedicated IT departments or large security budgets. Criminals often view smaller firms as easy entry points into larger supply chains. A breach at a small supplier can provide a pathway for attackers to reach the systems of much larger partner organizations. Lloyd noted that business owners work hard to build value, yet many assume they are too small to be noticed. The reality is that automated scripts do not care about the size of the company; they only care about whether the software is unpatched.Government offers free security resources
To encourage participation, the government is offering a suite of free tools and services for businesses that feel overwhelmed by technical requirements. These resources aim to remove the friction that often prevents small firms from seeking certification. The NCSC now provides an online "readiness check" that helps businesses assess their current security level before they apply for formal certification. Companies can also access free 30-minute consultations with assured advisors to discuss their specific risks. The government also released a preview of the full certification question set. This allows IT managers to review the requirements and prepare their systems without any initial financial commitment.Cost pressures hinder security progress
The longitudinal survey identified cost pressures and competing business priorities as the primary barriers to better security. Many firms view cybersecurity as a luxury expense rather than a core operational necessity. Governance and insurance coverage also vary widely across the UK business landscape. While some sectors have high rates of cyber insurance, many smaller firms remain completely uncovered and unprepared for the financial fallout of a ransomware attack. The government argues that the cost of certification is negligible compared to the average cost of a breach. A single successful phishing attack can result in thousands of pounds in lost revenue and permanent damage to a company's reputation.Certification provides a competitive advantage
Beyond basic protection, the Cyber Essentials badge is becoming a commercial requirement in the UK. The government requires this certification for any supplier bidding for contracts that involve the handling of sensitive personal information. Many private sector firms are now following suit by requiring their partners to hold the certification. This shift turns cybersecurity from a technical hurdle into a business enabler that helps firms win new contracts. The Cyber Essentials Plus tier offers an even higher level of assurance. This version involves a hands-on technical verification by a third-party auditor to ensure the controls are actually working as intended.The long road to national resilience
The UK aims to become a "cyber superpower," but the survey data shows there is still significant work to do at the grassroots level. Persistent unevenness in security practices leaves the national economy vulnerable to systemic shocks. Officials believe that consistent messaging and simplified tools will eventually move the needle on adoption. The goal is to make basic cyber hygiene as standard as fire safety regulations or physical office security. The government will continue to track these metrics through the longitudinal study to see if the new campaign successfully closes the gap. For now, the message to British business remains clear: check the locks before the attackers find the latch.Share
Related Articles
2 min read
Snyk CEO Peter McKay steps down, seeks AI-focused successor
Snyk CEO Peter McKay steps down, saying the company needs an AI-focused leader for its next phase. He'll stay until a successor is found.
3 min read
Your Email Is Likely on the Dark Web. Here's What to Do.
Your email on the dark web likely came from a data breach. Don't panic; it's common. Change passwords, enable two-factor authentication, and monitor accounts. Use email aliases to prevent future exposure.
Stay in the loop
Get the best AI-curated news delivered to your inbox. No spam, unsubscribe anytime.
