Keynote address to FT Cyber Resilience Summit 2025
Security Minister Dan Jarvis's speech at 22 Bishopsgate on the government's action to tackle cybercrime.
It’s a great pleasure to be here with you here in the City of London.
It’s a place where 2,000-year-old historical monuments stand alongside modern skyscrapers.
But before I address the present, I want to say something about the past.
The road we’re on right now was one of the first ever streets in London to be gaslit - and I’m not lying about that.
St. Helen’s Church, which is just behind us, is where Shakespeare lived and worked.
Perhaps one of you here today is a potential playwright, and you’ve been looking for inspiration for a Security Minister character you’re writing.
Well don’t worry, I’m not going to break into a one-act rendition of Hamlet; I’d like to focus today, on my remarks on deterring malicious actors, rather than becoming one myself.
In fact, Bishopsgate gets its name from one of the ancient gates, built into the Roman wall, which helped regulate trade and kept the city secure.
Trade and security have always depended upon each other.
Without security, commercial centres like the City of London would struggle to survive.
Without trade, we wouldn’t be able to fund the security measures that keep us safe.
That was true in the Roman past, and it is true today.
But when it comes to today’s traders, it’s less about brick walls and more about firewalls, and every example of technological innovation brings with it many opportunities, both helpful and harmful.
Now by all modern markers, these are unprecedented times.
Not only do we have armed conflict on the continent, but hybrid threats from state and non-state actors have become the norm, blurring the line between war and peace.
And cybercrime – our focus today – is an ever-expanding threat landscape.
If it were a national economy, cybercrime would be the third largest in the world.
Some experts have claimed that online scams are set to cost the world $27 trillion a year by 2027.
What’s more, these criminals are callous and shameless.
These are the type of people who hacked a group of nurseries, and posted photos and details of children on the dark web.
They are amongst the most reckless of vandals and they don’t care who they hurt or intimidate.
To put it very plainly; they are devious.
Last year, the Financial Times broke a truly remarkable story.
Fraudsters targeting UK-based engineering firm Arup, created a deepfake clone of the company’s CFO.
That clone invited a member of Arup’s staff into an emergency video meeting, where the fake CFO asked them to make 15 transactions amounting to $25 million to five bank accounts in Hong Kong.
Now the member of staff did it, convinced it was a genuine, urgent request.
But what the member of staff couldn’t have guessed was that they were the only real person on that call, and everyone else was an AI clone.
It’s chilling stuff – but it’s worth asking yourself the question: what would you have done?
The fact they operate in this online space affords these cowardly criminals anonymity, and gives them the confidence to hit hard.
Think about the recent attack on Jaguar Land Rover and the damage it inflicted on their business.
If this damage had been caused by an old-school, physical attack, it would have been the equivalent of hundreds of masked criminals turning up to dealerships across the country, breaking glass, smashing up computers and driving cars right off the forecourt.
Could you imagine the headlines or the fear that would shoot through every local neighbourhood?
The truth is, there is no real difference between them; they are both brazen acts of criminality.
What these criminals do online is incredibly serious, and the Government is doing everything it can to address the severity of these crimes.
Now in September, the Prime Minister expanded the role of the Security Minister and appointed me to the Cabinet Office, as well as to the Home Office.
This isn’t just trivial Whitehall talk - it’s a genuine change to the way that the Government protects our national security.
And it’s recognition that the threats we face don’t fit into neat boxes.
They come from a variety of actors, right the way around the world, and our action to tackle them must be coordinated.
Two weeks ago, we sanctioned the Russian cybercrime syndicate ‘Media Land’, responsible for facilitating cyber-attacks on UK-based companies.
In the following days, I set out new work to tackle the threats to our democracy posed by China - work addressed by the Prime Minister on Monday, in his Guildhall banquet speech, very close to here.
And today I want to say something more about how we are making the UK the hardest possible target for our adversaries.
But I also want to be upfront with you.
This work is not the responsibility of the government alone.
We need a whole of society approach.
We can only create a proper deterrence through partnership, which is why the Government and business are working together to improve our security.
For too long, businesses and politicians have been under the misapprehension that cyber investment is a drag on growth.
But this is a mistake.
Cyber security keeps us safe – and is a key enabler of growth.
Look at the impact of the four biggest cybercrime incidents of the year, on the Co-op, Marks and Spencer, Harrods and JLR.
Those attacks were felt right across the country and the Bank of England now believes a strike on JLR was a factor in economic growth contracting in September.
These large attacks make headlines, but I’m equally concerned about the high volume of attacks on small businesses.
Fifty percent of small businesses said they were hit by some form of cyber attack last year, meaning hundreds of thousands of businesses were made a target.
Our businesses and our key infrastructure deserve better support and the criminals deserve everything coming to them.
And the Government is doing everything it can to achieve these two aims.
We are doing more to support businesses tackle cybercrime than ever before.
The tools that we have created alongside the National Cyber Security Centre will help businesses of every size.
Our ‘Cyber Action Toolkit’ is designed to empower sole traders and small businesses, to take their first steps toward cyber protection.
Over 13,000 organisations are part of our free ‘Early Warning’ service, giving them exclusive access to information on potential cyber-attacks.
And our ‘Cyber Essentials’ certification proves your organisation is protected against common cyber threats.
It also provides free automatic cyber liability insurance for any UK organisation that has less than £20m annual turnover.
We are also strengthening our national security by improving our cyber resilience.
Just a couple of weeks ago, the Cyber Security and Resilience Bill was introduced to Parliament.
It will play a vital role in keeping the country secure.
The Home Office is also creating new legislation to put a stop to the ransomware gangs, by better protecting our businesses.
And we are working with cyber security experts to make sure that our security infrastructure is as strong as possible.
I can also say that we’ve heard the criticisms about the Computer Misuse Act, and how it can leave many cyber security experts feeling constrained in the activity that they can undertake.
These researchers play an important role in increasing the resilience of UK systems, and securing them from unknown vulnerabilities.
We shouldn’t be shutting these people out, we should be welcoming them and their work.
Which is why we are looking at a legal change to the Computer Misuse Act.
This would create a “statutory defence” for these researchers to spot and share vulnerabilities, which would protect them from prosecution, as long as they meet certain safeguards.
This partnership approach also extends to our work with major providers of our national infrastructure, and I’m pleased to announce today that we have reached a massive milestone with that work.
This morning I visited BT, who have collaborated with the experts of the National Cyber Security Centre on its ‘Share and Defend’ tool.
The service shares data of online scams and early-stage cyber attacks with internet service providers - including BT - which they can then block, protecting millions of customers from cybercrime.
Scams like these are a door for many of the international criminals, which they use to dupe and steal from innocent people.
Today, that door has been slammed shut on the criminals not a million times, but almost a billion times in less than a year.
This is all thanks to BT and the NCSC blocking access to these fraudulent websites.
This morning I took the opportunity to personally commend everyone involved for their dedication to this work.
This work only demonstrates the constant threat that we are all under, which means the Government must continue to strengthen our armoury to protect those in the sightlines of these criminals.
We’ve already committed to publishing a National Cyber Action Plan, and today I want to explain our thinking – exclusively with you – as we finalise the plan.
A National Cyber Strategy was published in 2022, and it was met with some difficulty by the business sector.
It was too long, it was unclear about the Government’s actions to stop cybercrime and it wasn’t explicit enough about what the Government expected from business.
Following this year’s attacks, there can be no-doubt on the actions that must be taken.
And that’s why we are publishing a National Cyber Action Plan. which will have defined roles and tasks for everyone involved to stay cyber secure.
It will be a business-first plan - written for businesses, written with businesses.
I can confirm today that we’ve already consulted over 400 individual partners, across business, critical national infrastructure and with international partners.
The action plan will set clear expectations for businesses, tailored to companies of all sizes and revenues.
It will be a crucial part of our plan to make the UK the hardest possible target for cyber criminals to operate.
And I want to send a clear message to cyber criminals that we are on to you.
Every day we are finding out more about who you are.
And we will hunt you down, and we will bring you to justice.
Now, our security must always be built with the strongest material we have.
When this City was founded, back in 47 AD, that strength came from a stone wall.
Today, our strength must come from our resolve.
We will not allow our country to fall victim to these calculated criminals.
The Government is working across our society, with businesses, with security experts and with the authorities, leaving these criminals with no chance to succeed and no place to hide.
Together, we will show them what the UK is made of, building a safer and more secure future for our society, and make those who threaten our security a relic of the past.
Thank you.