Skip to main content
CybersecurityVulnerability Management

UK Government's Cyber Resilience Pledge Gains 60 Signatories

A podium with a circular emblem stands in a conference room with rows of chairs and a cityscape visible through a tall…

"By signing this Pledge, they are showing that cyber resilience is no longer just an IT issue - it is a business imperative," technology secretary Liz Kendall said as she launched the government's new Cyber Resilience Pledge on Tuesday.

What the pledge asks signatories to do

The voluntary scheme, announced by technology secretary Liz Kendall, commits signatories to three specific actions: treat cybersecurity as a board‑level responsibility; sign up to the National Cyber Security Centre's Early Warning service; and encourage their suppliers to achieve Cyber Essentials certification or an equivalent baseline. The pledge carries no enforcement mechanism — participation is voluntary and the primary immediate benefit appears to be the optics of publicly committing to those measures.

Who signed: a roll call of corporate Britain, and some eyebrow-raisers

Sixty organisations have put their names to the pledge. The Register highlights a mix of household names and sector leaders among the signatories — including Marks & Spencer, Microsoft, Aviva, Fujitsu, London Stock Exchange Group, Mastercard, Morrisons, Pearson, QinetiQ, SSE, United Utilities and Vodafone — along with "a sizeable contingent of consultancies and cybersecurity firms." Microsoft also features among the launch partners, with UK chief executive Darren Hardman praising the initiative as a way to strengthen cyber resilience.

Marks & Spencer's participation was singled out as unsurprising in The Register: after being "last year’s poster child for retail cyber misery," the retailer's decision to sign the pledge would likely have raised eyebrows if it had opted out.

Capita’s inclusion and its recent cybersecurity record

The Register calls attention to Capita's presence on the signatory list as notable. The outsourcing giant has, according to The Register, "developed an impressive archive" of incidents: it was fined by the Information Commissioner's Office over a 2023 ransomware attack that exposed more than 6 million records, and earlier this year disclosed that a pension portal had exposed personal information belonging to civil servants. The article frames Capita's decision to sign the pledge in two ways — either as evidence of continuous improvement or as an indication that the government's definition of cyber resilience allows for organisations with recent failures to join the initiative.

Notable absences: Co‑op, Harrods and Jaguar Land Rover

The Register also highlights which high‑profile names did not sign. Co‑op and Harrods are absent from the government's roll call, as is Jaguar Land Rover. JLR, the article notes, spent weeks recovering from a cyberattack before later receiving a £1.5 billion government‑backed lifeline intended to help shield its supply chain from the fallout. The pledge's voluntary nature means, as The Register puts it, "their absence doesn't necessarily say anything about their security posture," but the piece points out that omissions matter if ministers are presenting the initiative as a badge of good cyber citizenship.

What this means for technologists, policymakers, and procurement leaders

  • Technologists and security teams: Signing organisations have committed to the NCSC's Early Warning service and to raising supplier security to Cyber Essentials or equivalent; teams in those companies will be the ones operationalising those commitments.
  • Policymakers and regulators: The pledge is voluntary and lacks enforcement; The Register frames the initiative as largely optical, which leaves regulators and ministers with the challenge of whether to rely on public commitments or to pursue stronger mandatory requirements.
  • Procurement leaders and suppliers: The pledge explicitly encourages signatories to press their suppliers toward Cyber Essentials or an equivalent baseline, which could shift procurement conversations and contract requirements for many suppliers.

The launch melds familiar political messaging — Kendall warned that cyberattacks can "disrupt services, expose customer data, and damage the bottom line," and that AI is making attacks "more sophisticated and easier to launch" — with a roster of voluntary signatories. That mix leaves the initiative's practical reach open to immediate testing: will the pledge produce measurable changes in board behaviour, supplier standards and incident prevention, or will it remain a public relations step for organisations already under scrutiny?

The original story is available at The Register.