Cyber Resilience Pledge
Organisations are invited to take the Cyber Resilience Pledge. Commit to 3three actions that will have an immediate positive impact on your resilience to cyber attacks.
Documents
Details
Hostile cyber activity in the UK is growing more intense, frequent and sophisticated. This is causing significant financial and social harm to UK businesses and citizens. The government is taking robust action to protect the nation and, because cyber security is a shared responsibility, is working closely with industry to improve UK cyber resilience.
The government has developed a voluntary Cyber Resilience Pledge which provides a tangible way for organisations to demonstrate their commitment to cyber security, boost their resilience to cyber attacks and differentiate themselves from their competitors.
The Pledge was announcedformally bylaunched theat Security10 MinisterDowning Street on 227 AprilJuly 20262026, atalong the CyberUK conference in Glasgow. It formally launched in the summer, with a public announcement of organisations that have signed up.
Read the Security Minister’s speech.
The Cyber Resilience Pledge
Organisations signing the pledge commit to take the following actions:
-
Make cyber a Board responsibility:
a. Implement all actions within the Cyber Governance Code of Practice.
b. Ensure all board members undertake the NCSC’s Cyber Governance Training within 3 months, and then annually. -
Sign up to Early Warning: Register for the Early Warning service within one month of signing the pledge.
-
Require Cyber Essentials across supply chains:
a. Register to the Cyber Essentials Supplier Check Tool within 2 months of signing the pledge.
b. Conduct a comprehensive audit of Cyber Essentials coverage.
c. Take a risk-based approach to requiring Cyber Essentials across your supply chain.
In addition to the above 3three actions, organisations signing the pledge would commit to the following:
- Encourage these actions within your own supply chains.
- Publish the signed pledge declaration on your website.
Further details on the pledge can be found on this page.
If you want to sign the Pledge
Organisations which want to sign the Pledge should return the signed declaration to the DSIT Cyber Security team. You can also contact them to find out more.
Background
The government is taking significant action to counter the cyber threat and has developed tools to help businesses to defend themselves, but we cannot do this alone. Against this backdrop, ministers wrote to the CEOs and chairs of leading UK companies in October 2025 inviting them to take 3three specific actions that will have an immediate positive impact on the cyber resilience of our nation.
To build on the excellent response from industry, the government has developed this voluntary Cyber Resilience Pledge which formalises the 3three actions contained within the letter and provides a tangible way for organisations to differentiate themselves on cyber resilience, from their competitors.
The Pledge was originally announced during the Security Minister’s speech at Cyber UK in April 2026. You can read the original press notice here.
Updates to this page
-
Added links to the Cyber Resilience Pledge press notice and list of organisations signed up to the Pledge. Added information to reflect the formal launch event on 7 July 2026.
-
Added a link to the list of organisations signed up to the Pledge.
-
First published.