Asked by: Andrew Snowden (Conservative - Fylde)
Question to the Home Office:
To ask the Secretary of State for the Home Department, with reference to the Minister for Security's speech entitled Minister calls on business leaders to act now against cyber risks, published on 14 October 2025, what steps she is taking to encourage businesses in Fylde constituency to sign up for the Early Warning service.
Answered by Dan Jarvis - Minister of State (Cabinet Office)
The National Cyber Security Centre (NCSC), law enforcement and industry offer a comprehensive package of cyber protection measures designed to strengthen national resilience against online threats.
One of those measures is the NCSC Early Warning Service, which is a free, easy-to-use alert system that notifies UK organisations of potential cyber threats affecting their networks. By signing up, businesses receive timely alerts that can help detect and respond to threats before they escalate, improving visibility and resilience across their digital infrastructure. Businesses can register via the MyNCSC portal: https://www.ncsc.gov.uk/section/active-cyber-defence/early-warning
The regional network of Cyber Resilience Centres (CRCs) in England and Wales, funded by the Home Office, offer the full package of measures to small and medium-sized enterprises, that often lack in-house expertise or awareness of cyber threats and risks.
CRCs bridge that gap by providing trusted guidance aligned with NCSC standards, offering tailored, bitesize advice and long-term support. CRCs also help organisations achieve Cyber Essentials certification – the UK Government-backed scheme setting five baseline controls proven to reduce cyber risk. Certification signals a commitment to security, strengthens supply chain assurance, and is recommended by NCSC as the minimum standard for all organisations.
The Early Warning Service is a key tool offered as part of this package of measures, with sign-up promoted to businesses in Fylde by the Cyber Resilience Centre for the North-West. We would advise all businesses in Fylde to join this local CRC, which can provide advice and tailored services appropriate to the individual needs of each business.
Asked by: Wendy Morton (Conservative - Aldridge-Brownhills)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, what recent assessment he has made of the adequacy of Government support for the (a) supply chain and (b) SMEs, in the context of the cyber attack on Jaguar Land Rover.
Answered by Chris McDonald - Parliamentary Under Secretary of State (Department for Energy Security and Net Zero)
We recognise that many automotive suppliers, particularly SMEs, are under pressure following the recent cyber incident at Jaguar Land Rover (JLR). The phased restart of production at JLR is now underway and is positive news, however the picture is still developing.
The Department for Business and Trade is continuing to monitor the situation and is working closely with JLR and industry bodies such as the Society of Motor Manufacturers and Traders to assess how the recent measures being taken and support being provided is helping suppliers, including SMEs.
Asked by: Laurence Turner (Labour - Birmingham Northfield)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the potential impact of the recent 5CA data breach on protecting consumers online.
Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)
As the UK's independent regulator for data protection, the Information Commissioner's Office (ICO) is responsible for monitoring compliance with the UK's data protection legislation and investigating complaints regarding breaches of the legislation. The ICO is investigating a data breach following a report by Discord.
The ICO provides guidance for the public on data protection on its website. Anyone concerned about the impact of the breach could also contact the ICO for further advice, by telephone on 0303 123 1113 and through its website: https://ico.org.uk/for-the-public/.
Businesses can help prevent data breaches by improving their cyber resilience using the guidance and tools on offer from the government. This includes the new Cyber Action Toolkit for small businesses, the highly effective Cyber Essentials scheme which prevents common cyber-attacks, and the Cyber Governance Code of Practice to help boards and directors manage digital risks.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Home Office:
To ask the Secretary of State for the Home Department, whether she plans to allow legitimate cyber activity (a) necessary for the (i) detection and (ii) prevention of crime and (b) justified as being in the public interest.
Answered by Dan Jarvis - Minister of State (Cabinet Office)
The Government is conducting an ongoing review of the Computer Misuse Act. As part of the review, we are scoping several proposals to update the act, including how we can better support legitimate cybersecurity researchers so they can operate within a clear and supportive legal framework, while maintaining robust safeguards against misuse.
Engagement, including with the cyber security industry, is underway to refine the approach and an update will be provided in due course.
Asked by: Sarah Edwards (Labour - Tamworth)
Question to the HM Treasury:
To ask the Chancellor of the Exchequer, what assessment she has made of the effectiveness of including Cyber Attacks within the Pool Reinsurance Company Limited Fund.
Answered by Lucy Rigby - Economic Secretary (HM Treasury)
Pool Reinsurance, or Pool Re, was created to ensure the effective functioning of the UK’s terrorism insurance market. The government do not have any plans to extend Pool Re’s remit to include further cyber-related risks.
Asked by: Mark Pritchard (Conservative - The Wrekin)
Question to the Foreign, Commonwealth & Development Office:
To ask the Secretary of State for Foreign, Commonwealth and Development Affairs, if she will make it her policy to amend the Sanctions and Anti-Money Laundering Act 2018 to (a) strengthen the powers and (b) expand the (i) jurisdictional reach and (ii) scope of the Cyber (Sanctions) (EU Exit) Regulations 2020 to help reduce ransomware attacks.
Answered by Stephen Doughty - Minister of State (Foreign, Commonwealth and Development Office)
The government is committed to calling out malicious cyber activities that threaten the UK's national interests and economic prosperity. Sanctions are an important part of our diplomatic toolkit, helping us to disrupt ransomware operations.
Our cyber sanctions regime allows us to impose cost and risk on those that carry out malicious cyber activity, and to deter others who consider similar acts. The regime is suitably broad, and allows us to freeze the assets of those around the world who have undermined the integrity, prosperity, or security of the UK and its partners. Under these powers, we have designated seventy-nine people, including sixteen members of prolific Russian cybercrime gang Evil Corp, and one of the senior leaders of LockBit which, at the time, was one of the most harmful ransomware operations affecting the UK.
We will continue to explore future use and implementation of our cyber sanctions regime against ransomware actors as part of a broader range of approaches to combat cybercrime globally.
Asked by: Alberto Costa (Conservative - South Leicestershire)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether she has made an assessment of the adequacy of technical support offered by technology companies to people who report cyber crime incidents affecting their products.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The Product Security and Telecommunications Infrastructure Act (2022) places a legal obligation on the manufacturers of internet-connected devices to offer a vulnerability reporting process. This means anyone - including users, security researchers and cyber crime victims - must have a clear, secure way to report vulnerabilities to device manufacturers. The Act also places a legal obligation on device manufacturers to support their products with software and security updates for a defined period.
Technical support for cyber crime victims is not regulated under the Act. Victims should report cyber crimes to the police via the Action Fraud website or phone line.
Asked by: Ruth Cadbury (Labour - Brentford and Isleworth)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what assessment he has made of the adequacy of the Civil Contingencies Act 2004 for responding to cyber attacks.
Answered by Dan Jarvis - Minister of State (Cabinet Office)
The Civil Contingencies Act (CCA) 2004 and the associated Regulations deliver a single framework for civil protection in the UK. The Cabinet Office has a legal obligation to review the CCA every five years. The most recent review was published in March 2022 and concluded that the Act continues to achieve its stated objectives. The next review will be by 2027.
The legislation is deliberately broad ranging and sets out the requirements to consider all emergencies that threaten serious damage to human welfare in the UK; the environment of a place in the UK; or war, or terrorism, which threatens serious damage to the security of the UK.
We have been clear that cyber security is an absolute necessity to protect the British people, our public services and businesses. The UK has arrangements in place for a range of potential emergencies, including cyber attacks.
Asked by: Helen Maguire (Liberal Democrat - Epsom and Ewell)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what estimate he has made of the cost to the public purse of cyber-attacks against the NHS since 2021.
Answered by Zubir Ahmed - Parliamentary Under-Secretary (Department of Health and Social Care)
We do not hold data for the total economic impact of cyber incidents on National Health Service organisations specifically.
Cyber-attacks can have a significant economic impact. The WannaCry cyber-attack in 2017 was estimated by the Department to have cost the NHS £92 million. Public estimates of the impact of the Synnovis cyber-attack stand at £32.7 million, according to accounts filed on Companies House.
NHS trusts are independent organisations with their own set budgets, and a decision will be made on a case-by-case basis as to whether the economic impact of smaller incidents is assessed.
Government is working to fully assess the impact of cyber-attacks on the wider public sector. It is worth noting that the economic impact of cyber incidents affected by a wide variety of complex factors. Further information about the financial cost of breaches or attacks can be found in the Cyber security breaches survey 2025, published by the Department for Science, innovation and Technology (DSIT). This is available at the following link:
Asked by: Alex Ballinger (Labour - Halesowen)
Question to the Ministry of Justice:
To ask the Secretary of State for Justice, what steps he is taking to ensure civil court judgments related to consumer fraud are effectively (a) satisfied and (b) enforced; and what steps he is taking to ensure perpetrators cannot continue with such behaviour.
Answered by Sarah Sackman - Minister of State (Ministry of Justice)
The civil courts offer several methods for creditors to enforce civil judgment debts, including warrants or writs of control, attachment of earnings orders, third party debt orders and charging orders. These processes are designed to address different financial circumstances and aim to make it as difficult as possible for judgment debtors to avoid their responsibilities. Individuals are encouraged to engage legal experts to consider the best option for their individual circumstances.
Victims of fraud are encouraged to report fraudulent activity and cybercrime to Action Fraud which is the UK’s national reporting centre run by the National Fraud Intelligence Bureau by of the City of London Police (national policing lead for economic crime).