In a nondescript briefing room at 10 Downing Street on 7 July, representatives from some of Britain’s largest companies gathered to commit their organisations to a clearer line of defence. The moment felt less like a grand unveiling and more like a quiet recalibration, one that placed responsibility for digital safety squarely with those who run the businesses rather than distant regulators.
The Cyber Resilience Pledge, formally launched that day, requires signatories to make cyber security a board-level responsibility. That means implementing the Cyber Governance Code of Practice and ensuring every board member completes annual NCSC Cyber Governance Training. More than 60 organisations have already signed. They must also register for the NCSC Early Warning service and adopt a risk-based approach to demanding Cyber Essentials certification throughout their supply chains.
These steps are practical, measurable and rest on voluntary cooperation rather than fresh legislation. In an environment where innovation moves faster than any statute book, such an approach keeps decision-making close to the people who understand their own operations best. It treats cyber resilience as a business imperative, not another layer of compliance theatre.
From blueprint to national capability
Running in parallel is Cyber Shield, a programme whose details appeared the same day in a blog post from the National Cyber Security Centre. It sets out to build a national-scale collaborative approach to agentic cyber defence, using frontier AI to identify, reduce and resolve risks at a pace only machines can sustain.
The idea had been signalled weeks earlier. On 27 May at Bletchley Park,
Anne Keast-Butler, Director of GCHQ, told her audience: We need to reimagine cyber security in the AI world. In the past few months, GCHQ has developed the blueprint for a new national cyber defence capability that will hardwire cutting-edge agentic AI into machine speed cyber defence.
That blueprint is now being developed jointly by the NCSC and the Department for Science, Innovation and Technology. It sits alongside the forthcoming National Cyber Action Plan, which includes further investment in AI-powered defensive capabilities. The emphasis throughout remains on partnership across government, industry and critical infrastructure operators rather than top-down mandates.