UK Pledges £90m for Cybersecurity, Urges ‘Resilience Pledge’
▼ Summary
– The UK government announced a £90m investment in cybersecurity to boost national resilience, with funding aimed at supporting small and medium-sized businesses.
– The government plans to help organizations adopt the Cyber Essentials standard, which saw quarterly certifications surpass 10,000 last summer and a 20% uptake increase in the last financial year.
– Minister Dan Jarvis called for major organizations to sign a new Cyber Resilience Pledge, requiring board-level cybersecurity responsibility, NCSC Early Warning service sign-up, and supply chain Cyber Essentials certification.
– Industry critics, including James Neilson of OPSWAT, argued the investment is insufficient, noting that SMEs lack both funding and knowledge, and need more practical guidance.
– Jonathan Lee of TrendAI suggested moving beyond encouragement to incentives like tax credits, while UK businesses can already claim R&D tax relief for cybersecurity innovation.
The UK government has announced a £90m ($120m) investment in cybersecurity, unveiled at the National Cyber Security Centre’s (NCSC) annual CYBERUK conference on April 22. Minister for Security Dan Jarvis stated that the funding is specifically designed to bolster support for small and medium-sized enterprises (SMEs) while encouraging broader adoption of the Cyber Essentials standard.
During the conference, Jarvis emphasized the government’s goal of helping organizations meet this baseline security framework. The Cyber Essentials program saw quarterly certifications surpass 10,000 for the first time last summer, with NCSC Director for National Resilience Jonathan Ellison noting a 20% increase in uptake over the previous financial year. Ellison called this the program’s best year yet but expressed a desire for even greater participation.
Jarvis also called on every major organization to commit to a new Cyber Resilience Pledge, set to launch this summer. Businesses can become signatories by taking three concrete actions: making cybersecurity a board-level responsibility, signing up for the NCSC’s free Early Warning service, and requiring Cyber Essentials certification across their supply chains.
While this approach aims to push cybersecurity to those who need it most, industry experts have voiced skepticism. James Neilson, SVP of International at OPSWAT, described the investment as “nice on paper and helpful for SMEs” but “nowhere near enough” to address the scale of the problem. He highlighted that many SMEs have “small security teams or none at all,” making it not just a funding issue but a knowledge gap. Neilson urged the government to invest heavily in support and guidance.
Trevor Dearing, director of critical infrastructure at Illumio, echoed this sentiment, noting that “what many small businesses lack is practical guidance on how to protect sensitive data and keep critical services running when incidents occur.”
Speaking to Infosecurity at CYBERUK, Jonathan Lee, Director of Cyber Strategy at TrendAI, said the government and NCSC are “saying the right things” but must move beyond “gently encouraging organizations” toward providing incentives for action. Lee proposed exploring tax credits as a way to motivate investment in resilience. “Let’s incentivize people to invest more in their resilience because ultimately, we’re told it’s a team sport and everyone needs to work together,” he added.
Currently, UK businesses developing innovative cybersecurity solutions can claim Research and Development (R&D) tax relief to reduce Corporation Tax or receive cash payments, though critics argue this may not be enough to drive widespread change.
(Source: Infosecurity Magazine)
