UK launches voluntary Cyber Resilience Pledge with 60 early signatories

The UK government has unveiled a new voluntary Cyber Resilience Pledge, with 60 organisations joining at launch, including Marks & Spencer, Microsoft, Aviva, Fujitsu, the London Stock Exchange Gro...

The UK government has unveiled a new voluntary Cyber Resilience Pledge, with 60 organisations joining at launch, including Marks & Spencer, Microsoft, Aviva, Fujitsu, the London Stock Exchange Group, Mastercard, Morrisons, Pearson, QinetiQ, SSE, United Utilities and Vodafone.

Technology secretary Liz Kendall introduced the initiative on Tuesday, saying the aim is to encourage businesses to treat cybersecurity as a board-level issue rather than a purely technical one. Companies that sign up commit to several broad steps: making cyber risk a leadership responsibility, enrolling in the National Cyber Security Centre’s Early Warning service, and urging suppliers to meet the Cyber Essentials baseline or an equivalent standard.

A voluntary scheme with no enforcement power

The pledge is designed as a public commitment rather than a regulatory requirement. There are no penalties for companies that decline to join, and the government has not attached enforcement measures to the scheme. That makes the list of signatories notable not only for who joined, but also for who did not.

Several companies that have recently faced high-profile cyber incidents were absent from the launch list, including Co-op, Harrods and Jaguar Land Rover. Their omission does not necessarily indicate anything about their security posture, but it does underline the fact that participation is optional.

Marks & Spencer’s inclusion is less surprising. The retailer was one of the UK’s most visible cyber incident victims last year, so signing the pledge offers an opportunity to demonstrate a renewed focus on resilience.

Capita’s presence drew attention for a different reason. The outsourcing company has dealt with a series of cybersecurity problems in recent years, including an ICO fine related to its 2023 ransomware incident, which exposed more than 6 million records. Earlier this year, it also disclosed an exposure involving a pension portal that revealed personal information belonging to civil servants.

Microsoft also features among the launch partners, with UK chief executive Darren Hardman backing the initiative. Beyond the headline names, the signatory list includes a wide range of large enterprises, consultancies and security firms, suggesting broad industry interest even if the pledge remains largely symbolic.

For now, the government is presenting the scheme as a signal of good practice and shared responsibility. Whether it leads to measurable improvements in corporate cyber hygiene will depend on how seriously signatories follow through.