Let’s have a frank chat about something rather concerning, shall we? Recent parliamentary debates have revealed something rather unsettling – Britain needs to get ‘war ready’ because we can no longer rely on the USA for our defence. What does this actually mean for our security, our economy, and frankly, our daily lives? And more importantly, is this the beginning of the end for NATO as we know it?
The Stark Reality of Our Changing Security Landscape
Picture this: MPs in Westminster, usually preoccupied with domestic squabbles, are now openly discussing Britain’s need to prepare for potential conflict without American support. It’s a conversation that would have seemed unthinkable just a few years ago, yet here we are.
The timing is particularly telling – these discussions coincide with the UK government’s recent admission that years of cyber policy have failed, prompting a complete reset of our approach to digital defence.^1^ The current system of accountability has left much of the British government vulnerable to cyberattacks, with responsibilities for risk “unclear at all levels.”
What does this mean in practical terms? Well, for starters, the government just unveiled a new £210 million cyber action plan aimed at improving the resilience of public services online. Digital minister Ian Murray opened the debate by warning that cyber incidents can “take vital public services offline in minutes.”^3^ The numbers paint a worrying picture – nationally significant cybersecurity incidents skyrocketed to 204 in just one year, more than doubling from 89 the previous year.
The Cybersecurity Angle: Corporate Experts on the Front Line
Here’s where things get particularly interesting for those of us in the corporate cybersecurity world. As Britain faces this new security reality, corporate cybersecurity experts are finding their expertise increasingly valuable to national security efforts. The government is actively seeking to leverage private sector knowledge and experience to strengthen our digital defences through partnerships and consultations rather than any formal service requirement.
The Cyber Security and Resilience Bill, currently making its way through Parliament, is expected to impose new duties across the industrial supply chain including proactive management of cyber risk, elevating cybersecurity to become a compliance issue, and securing connected assets across their lifecycle. For SMEs, which account for 99.9% of UK businesses, this marks a major shift.
MPs have been particularly focused on ensuring an appropriate regulatory burden, questioning whether organisations would face disproportionate compliance costs. Stuart Davey, an expert in critical national infrastructure cybersecurity, noted that many MPs’ comments centred on ensuring the scope captures the right entities while excluding lower risk smaller organisations.
The Economic Implications: Supply Chain Vulnerabilities
Let’s talk about the economic elephant in the room. If Britain were dragged into a full-scale war, the economic consequences would be catastrophic. Our complex supply chains create particular cybersecurity headaches, as they’ve become increasingly digitised and interconnected.
The government’s new cyber action plan, supported with £210 million investment, will be delivered across three phases and includes steps to hold organisations accountable for improving their cyber defences. This includes setting minimum standards and investing in cross-government platforms, services and infrastructure to address critical risks.
For businesses providing services to the government, the implications are significant. They’ll need to monitor the implementation progress of the plan, including assessing whether their software security practices align with the Software Security Code of Practice. The government aims to promote this voluntary framework through the new Software Security Ambassador Scheme, with the aim of reducing software supply chain attacks and related disruption.
The NATO Question: Is the Alliance Fracturing?
So, is this really the beginning of the end for NATO? The short answer is probably not, but the alliance is undoubtedly undergoing significant strain. The UK government’s move to refresh its cyber strategy in 2026, four years before the previous plan’s end date, highlights how the pace of cyber threats is outstripping earlier plans.
The key objective of the previous Government Cyber Security Strategy, designed to span from 2022 to 2030, was to make government a significantly hardened target by 2025, and all government organisations across the public sector resilient by 2030. Clearly, that timeline is no longer deemed adequate.
What’s particularly concerning is that the publication of this new plan coincides with the second reading of the Cyber Security and Resilience Bill in Parliament, where MPs have criticised the suggestion that it would establish a two-tier system between obligations on private sector companies versus public sector entities operating essential services.
Preparing for the New Reality: What Should Businesses Do?
For businesses, particularly those in critical sectors or government supply chains, the message is clear: prepare for increased scrutiny and regulatory requirements. Organisations can prepare for compliance by reviewing existing incident response plans and conducting supply chain risk assessments.
The Public Bill Committee has launched a call for evidence seeking views on the bill, scheduled to meet on 3 February 2026 to scrutinise the bill line by line and expected to report on 5 March 2026. This presents an opportunity for businesses to shape the final legislation.
The NCSC has published guidance to help businesses effectively manage cyber risk by supporting their use of Cyber Essentials across their supply chains.^5^ Alongside driving uptake of Cyber Essentials, businesses may also consider aligning with the Cyber Assessment Framework principles and the Cyber Governance Code of Practice, a dedicated package to support board members and directors in governing cyber security risks.
The Human Element: Beyond Technical Solutions
Here’s something we often forget in discussions about cybersecurity and national defence – it’s ultimately about people. The government’s new centralized approach promises to deliver clearer visibility of cybersecurity risks across government departments, more coordinated decision-making to counter threats, and dramatically faster response times to emerging attacks.
But technology alone won’t solve these challenges. As cybercrime continues to grow – if it were a national economy, it would rank as the world’s third largest, with projections suggesting global scams could cost £27 trillion by 2027 – we need to focus on building resilience at every level of society.
This means investing in people as much as in technology. It means creating a culture where cybersecurity is everyone’s responsibility, not just the IT department’s problem. And it means recognising that in an increasingly digital world, the line between national security and corporate security has become blurred beyond recognition.
Looking Forward: The Path Ahead for Britain
So where does this leave Britain? The reality is that we face a period of significant transition. The government’s reset of cyber policy, coupled with MPs’ warnings about the need to become ‘war ready’ without relying on the USA, signals a fundamental shift in our approach to national security.
The £210 million investment in cyber resilience is a start, but compared with spending by other nations – the US, Canada, Japan, Australia and South Korea are investing hundreds of millions to billions in their cybersecurity budgets – it’s clear that more resources will be needed.
For businesses, particularly those in critical sectors or government supply chains, the message is clear: prepare for increased scrutiny and regulatory requirements. The Cyber Security and Resilience Bill will impose new duties, and organisations would be wise to start preparing now by reviewing incident response plans and conducting supply chain risk assessments.
Final Thoughts
As we navigate these uncertain waters, one thing is clear: the status quo is no longer an option. Britain must indeed get ‘war ready’ – not necessarily in the traditional sense of tanks and fighter jets, but in terms of cyber resilience, supply chain security, and national preparedness.
The question isn’t whether we can afford to make these changes – it’s whether we can afford not to. In an increasingly interconnected world where cyber threats evolve at an alarming pace, the cost of inaction far outweighs the investment required to build true resilience.
So let’s roll up our sleeves and get to work. The challenges are significant, but so is our capacity to innovate and adapt. Britain has faced greater threats before and emerged stronger. With the right combination of technological investment, regulatory clarity, and public-private cooperation, we can build a more secure future for ourselves and generations to come.
After all, isn’t that what resilience is all about? Not just surviving the storms, but emerging from them stronger and more prepared for whatever comes next. The time for debate is gradually giving way to the time for action – and action is precisely what’s needed now.