TransInfo
Freight ForwardingTransportLogistics
ADVERTISEMENT
PITD raport EN

AdobeStock/Syda Productions

Government warns UK businesses to toughen cyber-defence amid rising attacks

You can read this article in 6 minutes
Pölös Zsófia

Pölös Zsófia

Journalist Trans.info | 21.10.2025

Cyber-attacks targeting UK businesses have become more frequent and sophisticated in 2025, with incidents hitting major retailers such as CO-OP and M&S, as well as manufacturers like Jaguar Land Rover.

There is a person behind this text – not artificial intelligence. This material was entirely prepared by the editor, using their knowledge and experience.

 The transport and logistics sector has also been heavily affected: several large hauliers, including KNP Logistics, Owens Group and Eddie Stobart, have suffered serious cyber incidents over the past two years that disrupted operations and, in some cases, exposed sensitive data.

Most recently, DSV confirmed a data breach linked to a hacker group reportedly targeting logistics companies. The Danish transport and logistics giant said a smaller customer base has been notified, while investigations continue. DSV emphasised that its operations were not affected, and that it is working with cybersecurity experts to assess the scale of the breach.

In response to the escalating threat landscape, the UK government has written to CEOs and chairs of the country’s largest firms, urging them to take immediate steps to strengthen their cyber defences.

The letter, signed by senior ministers including Chancellor Rachel Reeves, Business Secretary Peter Kyle, and Security Minister Dan Jarvis, warns that “hostile cyber activity in the UK is growing more intense, frequent and sophisticated,” posing “a direct and active threat to our economic and national security.”

According to the government, improving cyber resilience is not only a matter of national security but also “a critical enabler of economic growth.” Business leaders are therefore urged to treat cyber security as a board-level responsibility and to act collectively to protect the economy.

Three immediate actions for large companies

The letter sets out three key actions designed to have an immediate impact on cyber resilience:

  1. Make cyber risk a Board-level priority
     Boards are encouraged to use the Cyber Governance Code of Practice, developed jointly by government and industry experts, to integrate cyber risk into strategic decision-making. The Code is supported by free training to help directors understand their oversight responsibilities.
     Companies are also advised to rehearse their response and recovery plans to ensure business continuity after a major cyber incident.
  2. Sign up to the NCSC’s Early Warning service
     The National Cyber Security Centre (NCSC) provides a free alert system that warns organisations about possible cyber activity on their networks, allowing them to identify and stop attacks before they escalate.
  3. Implement Cyber Essentials across supply chains
     The Cyber Essentials certification confirms that organisations have the core technical protections needed to block the majority of common cyber attacks.
     The government already requires most of its own suppliers to hold this certification and is urging large businesses to extend the same requirement to their suppliers.
     According to the NCSC, organisations certified under the scheme are 92% less likely to make a claim on their cyber insurance.

The letter has been sent to all companies in the FTSE100 and FTSE250, along with other leading UK businesses.

Practical guidance for smaller firms

Alongside the letter to major corporations, the government has also published a free toolkit for small and medium-sized enterprises (SMEs) to help them strengthen their cyber defences.

The Cyber Action Plan identifies six “foundation layer” actions that any business can take, most of which can be completed quickly and without specialist support:

  1. Secure business email accounts – Enable multi-factor authentication (MFA) on all accounts used for business operations.
  2. Use a password manager – Encourage staff to create and store strong, unique passwords.
  3. Secure important online accounts – Apply MFA to critical services such as banking, payroll, and data storage platforms.
  4. Keep devices up to date – Ensure that computers, tablets and smartphones automatically install the latest security updates.
  5. Keep apps up to date – Regularly update business software, including logistics management and telematics tools.
  6. Secure your devices – Use PINs, fingerprint locks, or encryption to protect data in the event of loss or theft.

Each step is rated by impact and completion time, with the government describing them as “the essential building blocks of cyber hygiene” that can prevent the majority of opportunistic attacks.

These measures are particularly relevant to haulage and logistics operators, where digital booking systems, telematics, and vehicle tracking tools are common targets for ransomware and phishing attempts.

Joint responsibility for national cyber resilience

The government said that strengthening the UK’s cyber resilience “requires close collaboration between government and industry.” Its forthcoming Cyber Security and Resilience Bill will expand protections for essential and digital services, while the Cyber Assessment Framework (CAF) is already available to help critical operators evaluate vulnerabilities.

Ministers said more than 90% of UK company boards now recognise cyber security as a priority, but warned that recognition must now “convert into concrete action.”

In the coming months, government departments plan to host events with business leaders to share insights and support collective improvements in resilience.

Tags: