UK businesses have been urged by ministers to take action to protect themselves against hostile cyber activity.

Writing to chief executives and chairs of prominent businesses, the government has encouraged companies to “take the necessary steps” to protect themselves and the wider economy from the impact of cyber-attacks.

The UK has seen a number of high-profile cyber-attacks this year, including those at M&S and Jaguar Land Rover. But all attacks impact business, damage the economy and put consumer data at risk.

The letter has been written by senior government officials including technology secretary Liz Kendall, chancellor Rachel Reeves and Richard Horne, CEO of the National Cyber Security Centre.

It says: “Cyber resilience is a critical enabler of economic growth, so getting this right will promote growth and foster a stable environment for investment and innovation. 

“Recent high-profile cyber incidents show how attacks can seriously disrupt operations and damage profitability. In this increasingly hostile landscape, organisations recover better from incidents when they have planned for the worst and rehearsed their business continuity and recovery.” 

The letter comes as the National Cyber Security Centre said it had dealt with a record 204 nationally significant cyber-attacks in the year to September, up from 89 in the previous 12 months. It said this equates to an average of four per week.

In its latest Annual Review, the UK’s cyber agency, a part of GCHQ, has revealed that the cyber threats facing the UK continue to escalate.

Richard Horne, chief executive of the NCSC, said: “Cyber security is now a matter of business survival and national resilience. With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50% rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.

“The best way to defend against these attacks is for organisations to make themselves as hard a target as possible. That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. The time to act is now.”

In its letter to businesses, government has urged industry to look at three key ways  to make an “immediate positive impact” on resilience to cyber-attacks:

• Make cyber risk a board-level priority using the Cyber Governance Code of Practice - developed with industry leaders, sets out critical actions Boards and directors should take to govern cyber risk effectively.
• Sign up to the NCSC’s Early Warning service – a free service which informs organisations of potential cyber-attacks and can give invaluable time to detect and stop a cyber incident before it escalates. 
• Require Cyber Essentials in the supply chain - a government-backed scheme which certifies that organisations have key cyber protections in place to prevent common cyber-attacks. It is the minimum cyber security standard businesses should seek to obtain. 

The letter added: “We are encouraged to see that more than 90% of company boards now recognise cyber security as a critical priority. We now need to convert this priority into concrete actions to fully address vulnerabilities and enhance resilience and invite you to work with us to protect our economy and society.

“In the coming months we will host events to build this partnership and gather industry insight. Your involvement will ensure we can drive the much-needed improvements in our nation’s resilience.”

To read the government's letter in full, click here