In a decisive move to fortify the nation's digital defences, Security Minister Dan Jarvis has announced a stricter cyber security regime for British businesses. This pledge comes in the wake of a series of devastating cyber attacks targeting major UK corporations, including Jaguar Land Rover (JLR) and Marks & Spencer, which laid bare critical vulnerabilities.
A Mainstream Threat to the UK Economy
Speaking at the Parliament & Cyber Conference in Westminster on Monday, 24th November 2025, Jarvis declared that cyber incidents have shifted "from the margins to the mainstream." He highlighted how recent breaches demonstrate the rapid spread of operational disruption through complex supply chains.
Referencing attacks on firms like JLR, Co-op, and Marks & Spencer, the minister warned that the impact now ripples through "everything from consumers to GDP." He starkly illustrated the global escalation of cyber crime, stating, "If cyber crime were a national economy, it would be the third largest," and cited projections that global scams will cost a staggering £27 trillion by 2027.
The New Cyber Resilience Bill
Jarvis's comments coincided with the government's new Cyber Security and Resilience Bill beginning its passage through Parliament. This landmark legislation will impose significant new duties on regulated firms, including:
- Reporting significant cyber incidents within 24 hours.
- Meeting mandatory minimum security standards.
- Maintaining and regularly testing incident response plans.
The minister announced that the bill "will boost cyber protections for the services people and businesses rely on every single day." This legislative push follows the JLR attack, described by industry figures as the most economically damaging in UK history, which halted production for five weeks and cost an estimated £1.9bn. A recent spate of breaches affecting M&S and other major retailers has further underscored the acute vulnerabilities in consumer-facing sectors.
Whitehall's Call to Corporate Leaders
Minister Jarvis placed clear responsibility on the private sector, emphasising that "businesses cannot be protected by the government alone." He revealed that a letter had been issued to the chief executives of FTSE 350 companies, urging them to recognise the severe threat and bolster their internal defences.
To support organisations, from sole traders to major corporates, he pointed to new tools from the National Cyber Security Centre (NCSC), including early-warning systems and a dedicated cyber action toolkit for SMEs. As the UK prepares a new national cyber action plan, Jarvis pledged that agencies like the National Crime Agency "will use all of the tools at [its] disposal" to pursue cyber criminals.
Concluding on the critical role of technology, he added, "It keeps our democracy transparent. It keeps our businesses successful, and keeps people connected and safe." The message from Westminster is clear: in the face of a growing digital threat, resilience is no longer optional.
