The scale of the threat facing UK businesses and public services is no longer a warning about the future, it is the present.

Listen to this article

The NCSC's 2025 Annual Review recorded a 50% rise in highly significant cyber incidents for the third consecutive year, with the agency managing the equivalent of one serious attack every two days. 43% of UK businesses reported a breach or attack in the past year alone - which is equal to around 600,000 organisations.

Against that backdrop, the government's Cyber Security and Resilience Bill is a serious and overdue response. The government's own words are striking: the existing laws, last updated in 2018, have "fallen out of date and are insufficient to tackle the threats faced." That candour, at least, is welcome.

But welcome is not the same as sufficient. The Bill's gaps are real.

When M&S and Jaguar Land Rover both suffered damaging attacks in 2025, neither fell within the Bill's scope. Proposed bans on ransomware payments were quietly dropped and the phased........

© LBC