Tackling cybercrime as it becomes one of the biggest threats facing our economy
Today we are talking all things cyber, as we emphasise the value of businesses tackling cybercrime as a key priority to protect its future, and how a new toolkit can support smaller businesses taking on the fight.
Minister urges businesses to take cyber security seriously
The Security Minister, Dan Jarvis, has urged business leaders to act now to strengthen their cyber resilience, warning that cybercrime is one of the biggest threats facing the UK economy.
Speaking at the launch of the National Cyber Security Centre’s (NCSC) 2025 Annual Review, he reminded businesses that cyber security is no longer just a technical issue – it’s a board-level one.
A growing threat
The numbers tell the story. The NCSC handled more than 200 serious cyber incidents in the past year – more than double the previous year. These are the types of incidents that can disrupt essential services, cause financial damage, or even threaten national security.
Big names like Marks & Spencer, The Co-op and Jaguar Land Rover have all faced attacks this year. But Jarvis was clear that businesses of all sizes can be affected by cyber-attacks.
Tools to help businesses
The good news is that practical help is available. NCSC is expanding its support for businesses of all sizes.
- Cyber Action Toolkit: Designed to help sole traders and small firms take their first steps in protecting their systems and data.
- Cyber Essentials certification: A recognised badge showing that a business is protected against common threats. For small organisations (under £20m turnover), full certification also includes automatic cyber liability insurance.
- Early Warning service: Over 13,000 organisations now receive alerts about potential cyber-attacks, giving them valuable time to act.
- Takedown Service: Has removed over 1.2 million phishing campaigns, with half taken down within an hour.
Why this matters for business owners
For many businesses, cybersecurity is often treated as a low-priority issue until something goes wrong. Jarvis encouraged that this approach change. He said, “It’s not a case of if you will be the victim of a cyber-attack, it’s about being prepared for when it does happen.”
Beyond any immediate financial cost, reputational damage can last far longer. Customers, suppliers and investors increasingly want to know that the businesses they work with are taking security seriously.
It’s not just an IT issue
Jarvis’s speech revealed that government ministers and security chiefs have written a letter to the CEOs of all companies in the FTSE 100 and FTSE 250, as well as a number of other leading UK firms.
The letter requests that these businesses make cyber risk a Board-level priority and sign up to NCSC’s Early Warning service.
Interestingly, the letter also requests that these companies require Cyber Essentials in their supply chain. This is because supply chain cyber-attacks are increasing, but it appears that only 14% of UK businesses assess the cyber risks posed by their immediate suppliers.
What to do next
If your business hasn’t reviewed its cyber protections recently, now’s the time.
- Start with the basics: Visit the NCSC website and make use of the Cyber Action Toolkit.
- Consider Cyber Essentials certification: In view of the direction being encouraged, you may find that your customers start to expect that you hold this certification. You could also consider whether requiring it of your suppliers would benefit you.
The message for business owners from the Minister’s speech is simple: act now, not later. Cyber security isn’t just an IT issue – it’s part of protecting your livelihood, your team and your reputation.
New Cyber Toolkit Helps Small Businesses Strengthen Their Defences
Small businesses across the UK are being urged to take simple, practical steps to protect themselves from growing online threats – and a new free toolkit from the National Cyber Security Centre (NCSC) aims to make that much easier.
The Cyber Action Toolkit, launched this week at the NCSC’s Annual Review, offers tailored guidance to help sole traders, micro businesses and small organisations strengthen their cyber security.
NCSC’s latest annual review warns that every organisation with digital assets is a potential target for criminal cyber attackers. NCSC’s CEO, Dr Richard Horne, urged all businesses to ‘act now.’
A growing problem
Recent figures show that 42% of small businesses reported a cyber breach in 2024, while more than a third of micro businesses faced phishing attempts. Many small firms admit they simply don’t know where to start – often because cyber protection feels complicated or time-consuming.
The NCSC’s new toolkit aims to help with that. It breaks cybersecurity down into simple, achievable steps for businesses, with straightforward actions tailored to their size and needs.
What the new toolkit offers
The Cyber Action Toolkit is free to use and provides:
- Personalised cyber security guidance.
- Step-by-step actions tailored to business size.
- Progress tracking and rewards to recognise each improvement you make.
It’s structured around three levels – Foundation, Improver and Enhanced – so businesses can progress through the levels at their own pace and build their resilience gradually.
As you put in place the basic measures recommended by the toolkit, this can be a good starting point in later working towards Cyber Essentials certification.
Taking the first step
For busy business owners, cybersecurity can easily fall down the to-do list. But the reality is that small steps now can save a lot of time and stress later, and the Toolkit seems to be a useful tool in helping with that.
You can access the Cyber Action Toolkit free through the NCSC website.