Collection

Cyber resilience

Details of the government's cyber resilience policy for businesses and organisations.

• From: Department for Science, Innovation and Technology and Department for Digital, Culture, Media & Sport
• Published: 21 December 2020
• Last updated: 9 April 2024 — See all updates

Businesses and organisations are increasingly dependent on digital technologies, which are at risk of being disrupted by cyber attacks. The government is therefore investing £2.6 billion in the National Cyber Strategy to protect and promote the UK online.

‘Cyber resilience’ is the ability for organisations to prepare for, respond to and recover from cyber attacks and security breaches. Cyber resilience is key to operational resilience and business continuity, as well as the growth and flourishing of the UK economy.

What we do

Responsibility for delivery of the National Cyber Strategy 2022 lies across a broad range of departments which are jointly responsible for setting policy on the UK’s cyber resilience. These include the Cabinet Office, Home Office, the Department for Science, Innovation and Technology (DSIT) and individual lead government departments for critical national infrastructure (CNI) sectors. The policies cover CNI, government, businesses of all sizes, academia, charities and individuals.

The National Cyber Security Centre and law enforcement partners play a critical delivery role in providing incident response support to cyber attacks, and setting out advice and guidance for how to stay secure in an increasingly digital world.

This page sets out DSIT policy work. DSIT leads policy on cyber resilience across organisations in the wider UK economy. We do this by developing regulation and incentives to improve cyber security practices, informed by assessment and analysis of evidence.

This page will be updated as further policy and research documents are made available.

Guidance and tools to improve cyber resilience

A full range of guidance and support can be found on the National Cyber Security Centre website.

• Check your cyber security - a free tool to check your computer set-up at the click of a button
• Free Cyber Action plan for individuals and small businesses
• Guidance for individuals and families
• Guidance for self-employed people and sole traders
• Guidance for small- and medium-sized organisations, including businesses, charities, clubs and schools with up to 250 employees
• Guidance for large organisations, including businesses, charities and critical national infrastructure with more than 250 employees
• Cyber Aware campaign, offering entry-level advice for sole traders and small businesses, including a free online Cyber Action Plan tool
• Guidance to protecting against ransomware. Ransomware is the key current cyber threat facing facing businesses and organisations. Make sure you’re protected against costly and disruptive attacks by using this guidance.
• Secure connected places playbook. Guidance for local authorities and others to secure smart cities and connected places technologies.

Other research reports

• Evaluation of Cyber Essentials (November 2020)
• The impact of GDPR on cyber security breaches (August 2020)
• Analysis of the full cost of cyber security breaches (August 2020)
• Feasibility of a longitudinal study of large organisations’ cyber security and governance practices (August 2020)

Cyber resilience policy

DSIT policy work on cyber resilience is set out below. This includes evidence and analysis, policy position papers, and press announcements.

• Business leaders urged to toughen up cyber attack protections
  • 23 January 2024
  • Press release
• Cyber Governance Code of Practice: call for views
  • 23 January 2024
  • Closed call for evidence
• Government response on software resilience and security
  • 23 January 2024
  • Policy paper
• Secure Connected Places: Cyber Security Playbook launched
  • 16 May 2023
  • Press release
• Call for views on software resilience and security for businesses and organisations
  • 6 February 2023
  • Policy paper
• Cyber laws updated to boost UK’s resilience against online attacks
  • 30 November 2022
  • Press release
• Proposal for legislation to improve the UK’s cyber resilience
  • 30 November 2022
  • Consultation outcome
• Second Post-Implementation Review of the Network and Information Systems Regulations 2018
  • 27 July 2022
  • Policy paper
• Businesses urged to boost cyber standards as new data reveals nearly a third of firms suffering cyber attacks hit every week
  • 30 March 2022
  • Press release
• 2022 cyber security incentives and regulation review
  • 19 January 2022
  • Policy paper
• Proposal for legislation to improve the UK’s cyber resilience
  • 30 November 2022
  • Consultation outcome
• Embedding standards and pathways across the cyber profession by 2025
  • 20 June 2022
  • Consultation outcome
• Government response on amending the NIS regulations
  • 17 November 2021
  • Policy paper
• New plans to boost cyber security of UK's digital supply chains
  • 15 November 2021
  • Press release
• Government response on supply chain cyber security
  • 15 November 2021
  • Policy paper
• New plans to boost cyber resilience of UK’s critical supply chains
  • 17 May 2021
  • Press release
• Call for views on supply chain cyber security
  • 15 November 2021
  • Policy paper
• Businesses urged to act as two in five UK firms experience cyber attacks in the last year
  • 24 March 2021
  • Press release
• Funding boost to help healthcare suppliers improve cyber security
  • 10 September 2020
  • Press release
• Cyber security incentives & regulation review: government response to the call for evidence
  • 27 August 2020
  • Policy paper
• Cyber Security Incentives & Regulation Review: Call for Evidence
  • 21 December 2019
  • Policy paper
• Call for evidence launched on improving cyber security across the UK economy
  • 4 November 2019
  • News story
• Minister for Digital speech at SINET Global Cybersecurity Innovation Summit
  • 30 January 2020
  • Speech
• Cyber Security Regulation and Incentives Review
  • 21 December 2016
  • Policy paper

Research and statistics

Research reports and official statistics which support the government’s cyber resilience policy, including the annual cyber security breaches survey.

• Cyber Security Breaches Survey 2024
  • 9 April 2024
  • Official Statistics
• Cyber security longitudinal survey: wave three results
  • 20 March 2024
  • Research and analysis
• Research on managed service providers
  • 12 February 2024
  • Research and analysis
• UK cyber governance project
  • 29 January 2024
  • Research and analysis
• Cyber Essentials scheme process evaluation
  • 22 June 2023
  • Research and analysis
• Cyber security breaches survey 2023
  • 19 April 2023
  • Official Statistics
• Cyber security longitudinal survey: wave two results
  • 19 December 2022
  • Research and analysis
• Cyber security breaches survey 2022
  • 11 July 2022
  • Official Statistics
• Cyber security longitudinal survey - wave one
  • 27 January 2022
  • Research and analysis
• Captains of industry cyber resilience research 2021
  • 15 November 2021
  • Research and analysis
• Cyber Security Breaches Survey 2021
  • 24 March 2021
  • Official Statistics
• Cyber Security Breaches Survey 2020
  • 26 March 2020
  • Official Statistics
• Cyber Security Breaches Survey 2019
  • 2 July 2019
  • Official Statistics
• Cyber Security Breaches Survey 2018
  • 25 April 2018
  • Official Statistics
• Cyber Security Breaches Survey 2018: Preparations for the new Data Protection Act
  • 24 January 2018
  • Official Statistics
• Cyber Security Breaches Survey 2017
  • 19 April 2017
  • Official Statistics
• Cyber Essentials scheme research
  • 21 December 2016
  • Research and analysis

Published 21 December 2020
Last updated 9 April 2024 + show all updates

1. 9 April 2024

   Added details of the Cyber Security Breaches Survey 2024.

2. 20 March 2024

   The wave three results of the cyber security longitudinal survey have been added to the page.

3. 12 February 2024

   Link added to research on managed service providers.

4. 26 January 2024

   Updated to include new work on cyber governance and software security, which was published on 23 January 2024.

5. 30 August 2023

   Added links to new research (2023 Breaches Survey; Cyber Essentials research) and new guidance (Secure Connected Places Playbook.)

6. 12 April 2023

   Added links to the software security call for views, and the cyber security longitudinal survey.

7. 11 July 2022

   Added new documents to the collection: Cyber security breaches survey 2022 and press notice; Second NIS post implementation review.

8. 19 January 2022

   Added details of the Cyber Security Incentives & Regulation Review and two new consultations on improving cyber resilience.

9. 17 November 2021

   Added links to new documents published this week, including the government's response to a consultation on supply chain cyber security, new research on cyber resilience, and the government's response to a call for views on amending the NIS regulations.

10. 24 March 2021

    Added details of the 2021 Cyber Security Breaches Survey & press notice

11. 4 March 2021

    Added a link to the new Cyber Aware campaign for sole traders and small businesses.

12. 21 December 2020

    First published.