Cyber Resilience Pledge

Hostile cyber activity in the UK is growing more intense, frequent and sophisticated. This is causing significant financial and social harm to UK businesses and citizens. The government is taking robust action to protect the nation and, because cyber security is a shared responsibility, is working closely with industry to improve UK cyber resilience.

The government has developed a voluntary Cyber Resilience Pledge which provides a tangible way for organisations to boost their resilience to cyber attacks and differentiate themselves from their competitors.

The Pledge was announced on 22 April 2026 at the CyberUK conference in Glasgow. It will be formally launched in the summer, with a public announcement of those organisations which have signed up.

The Cyber Resilience Pledge

Organisations signing the pledge commit to take the following actions:

1. Make cyber a Board responsibility: a. Implement all actions within the Cyber Governance Code of Practice. b. Ensure all board members undertake the NCSC’s Cyber Governance Training within 3 months, and then annually.

2. Sign up to Early Warning: Register for the Early Warning service within one month of signing the pledge.

3. Require Cyber Essentials across supply chains: a. Register to the Cyber Essentials Supplier Check Tool within 2 months of signing the pledge. b. Conduct a comprehensive audit of Cyber Essentials coverage. c. Require Cyber Essentials across your supply chain.

In addition to the above 3 actions, organisations signing the pledge would commit to the following:

• Encourage these actions within your own supply chains.
• Publish the signed pledge declaration on your website.

Further details on the pledge can be found in the documents on this page.

If you want to sign the Pledge

Organisations which want to sign the Pledge should return the signed declaration to the DSIT Cyber Security team. You can also contact them to find out more.

Background

The government is taking significant action to counter the cyber threat and has developed tools to help businesses to defend themselves, but we cannot do this alone. Against this backdrop, ministers wrote to the CEOs and chairs of leading UK companies inviting them to take 3 specific actions that will have an immediate positive impact on the cyber resilience of our nation.

To build on the excellent response from industry, the government has developed this voluntary Cyber Resilience Pledge which formalises the 3 actions contained within the letter and provides a tangible way for organisations to differentiate themselves on cyber resilience, from their competitors.