Cyber resilience
Details of the government's cyber resilience policy for businesses and organisations.
Businesses and organisations are increasingly dependent on digital technologies, which are at risk of being disrupted by cyber attacks. The government is therefore investing £2.6 billion in the National Cyber Strategy to protect and promote the UK online.
‘Cyber resilience’ is the ability for organisations to prepare for, respond to and recover from cyber attacks and security breaches. Cyber resilience is key to operational resilience and business continuity, as well as the growth and flourishing of the UK economy.
What we do
Responsibility for delivery of the National Cyber Strategy 2022 lies across a broad range of departments which are jointly responsible for setting policy on the UK’s cyber resilience. These include the Cabinet Office, Home Office, the Department for Science, Innovation and Technology (DSIT) and individual lead government departments for critical national infrastructure (CNI) sectors. The policies cover CNI, government, businesses of all sizes, academia, charities and individuals.
The National Cyber Security Centre and law enforcement partners play a critical delivery role in providing incident response support to cyber attacks, and setting out advice and guidance for how to stay secure in an increasingly digital world.
This page sets out DSIT policy work. DSIT leads policy on cyber resilience across organisations in the wider UK economy. We do this by developing regulation and incentives to improve cyber security practices, informed by assessment and analysis of evidence.
This page will be updated as further policy and research documents are made available.
Guidance and tools to improve cyber resilience
A full range of guidance and support can be found on the National Cyber Security Centre website.
- Check your cyber security - a free tool to check your computer set-up at the click of a button
- Free Cyber Action plan for individuals and small businesses
- Guidance for individuals and families
- Guidance for self-employed people and sole traders
- Guidance for small- and medium-sized organisations, including businesses, charities, clubs and schools with up to 250 employees
- Guidance for large organisations, including businesses, charities and critical national infrastructure with more than 250 employees
- Cyber Aware campaign, offering entry-level advice for sole traders and small businesses, including a free online Cyber Action Plan tool
- Guidance to protecting against ransomware. Ransomware is the key current cyber threat facing facing businesses and organisations. Make sure you’re protected against costly and disruptive attacks by using this guidance.
- Secure connected places playbook. Guidance for local authorities and others to secure smart cities and connected places technologies.
Other research reports
- Evaluation of Cyber Essentials (November 2020)
- The impact of GDPR on cyber security breaches (August 2020)
- Analysis of the full cost of cyber security breaches (August 2020)
- Feasibility of a longitudinal study of large organisations’ cyber security and governance practices (August 2020)
Cyber resilience policy
DSIT policy work on cyber resilience is set out below. This includes evidence and analysis, policy position papers, and press announcements.
Research and statistics
Research reports and official statistics which support the government’s cyber resilience policy, including the annual cyber security breaches survey.
Updates to this page
Published 21 December 2020Last updated 9 April 2024 + show all updates
-
Added details of the Cyber Security Breaches Survey 2024.
-
The wave three results of the cyber security longitudinal survey have been added to the page.
-
Link added to research on managed service providers.
-
Updated to include new work on cyber governance and software security, which was published on 23 January 2024.
-
Added links to new research (2023 Breaches Survey; Cyber Essentials research) and new guidance (Secure Connected Places Playbook.)
-
Added links to the software security call for views, and the cyber security longitudinal survey.
-
Added new documents to the collection: Cyber security breaches survey 2022 and press notice; Second NIS post implementation review.
-
Added details of the Cyber Security Incentives & Regulation Review and two new consultations on improving cyber resilience.
-
Added links to new documents published this week, including the government's response to a consultation on supply chain cyber security, new research on cyber resilience, and the government's response to a call for views on amending the NIS regulations.
-
Added details of the 2021 Cyber Security Breaches Survey & press notice
-
Added a link to the new Cyber Aware campaign for sole traders and small businesses.
-
First published.