Published: March 20, 2026 at 11:00 am
For many years, cybersecurity sat firmly in the remit of IT teams. It was seen as technical, specialist and pretty much invisible to the wider organisation unless something went wrong. This, however, is changing quickly.
In October 2025, ministers and national security leaders wrote directly to FTSE350 executives and chairs, urging that cyber risk be treated as a board-level priority and that formal governance frameworks be adopted.
That message is being reinforced by policy, including the Cyber Security and Resilience Bill which is currently progressing through Parliament, and through the Government’s own Cyber Action Plan which aims to minimise risks to public services.
Government is sending clear signals that cyber resilience is no longer something to be ‘passed to IT’. Instead, it’s increasingly being moved to the board level agenda – viewed as a core part of corporate governance.