
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/">
    <channel>
        <title><![CDATA[ The Cloudflare Blog ]]></title>
        <description><![CDATA[ Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet. ]]></description>
        <link>https://blog.cloudflare.com</link>
        <atom:link href="https://blog.cloudflare.com/" rel="self" type="application/rss+xml"/>
        <language>en-us</language>
        <image>
            <url>https://blog.cloudflare.com/favicon.png</url>
            <title>The Cloudflare Blog</title>
            <link>https://blog.cloudflare.com</link>
        </image>
        <lastBuildDate>Tue, 07 Jul 2026 19:02:46 GMT</lastBuildDate>
        <item>
            <title><![CDATA[Cloudflare proudly joins the UK government's Cyber Resilience Pledge]]></title>
            <link>https://blog.cloudflare.com/cloudflare-joins-uk-cyber-resilience-pledge/</link>
            <pubDate>Tue, 07 Jul 2026 13:00:00 GMT</pubDate>
            <description><![CDATA[ The pledge is a voluntary framework inviting organizations to commit to foundational cyber security governance, board-level accountability, and supply chain rigor. For over a decade, Cloudflare has pioneered the core pillars of this framework: democratizing security, leadership accountability, and radical transparency. ]]></description>
            <content:encoded><![CDATA[ <p>Today, the UK government launched the <a href="https://www.gov.uk/government/news/businesses-across-britain-sign-up-to-cyber-resilience-pledge-as-ministers-urge-firms-to-strengthen-cyber-defences"><u>Cyber Resilience Pledge</u></a>: a voluntary framework inviting organizations to commit to foundational cybersecurity governance, board-level accountability, and comprehensive cybersecurity coverage across supply chains. <b>Cloudflare is </b><a href="https://assets.ctfassets.net/slt3lc6tev37/1WKiJC2ISsPozmIWk30ao5/99ff2bec7c1d9c927d221bf3f4aea218/DSIT_Cyber_Resilience_Pledge___Cloudflare__Letterhead.pdf"><b><u>proud to join</u></b></a><b> the pledge’s founding cohort of signatories </b>and continue our long-standing work with the Department of Science, Innovation and Technology (DSIT), National Cyber Security Centre, and others to shape a more secure, future-ready digital economy for the UK<b>.</b></p><p><a href="https://www.gov.uk/government/publications/cyber-resilience-pledge/cyber-resilience-pledge-declaration"><u>The pledge's</u></a> core pillars — democratizing security, leadership accountability, and radical transparency — have been at the heart of Cloudflare since day one. Instead of approaching this framework as a new set of commitments to meet, we see it as a welcome validation from the UK government of the security philosophy and principles Cloudflare has championed for over a decade. We are glad to see the rest of the industry moving in this direction.</p><p>This pledge is an important step, and it comes at a time of significant cyber risk. In the first quarter of 2026, Cloudflare's global network blocked an average of <a href="https://www.cloudflare.com/press/press-releases/2026/cloudflare-2026-threat-intelligence-report-nation-state-actors-and/"><u>234 billion cyber threats every day</u></a>. Recently, we mitigated a hyper-volumetric DDoS attack that peaked at <a href="https://blog.cloudflare.com/ddos-threat-report-2025-q4/"><u>31.4 Tbps</u></a>. At the end of 2025, Cloudflare data showed that the UK had risen to be the <a href="https://blog.cloudflare.com/ddos-threat-report-2025-q4/"><u>sixth-most targeted</u></a> location across the globe for DDoS attacks, with threat actors increasingly targeting application-layer services in financial services, aviation, and regional government infrastructure. This trend is consistent with broader data from the <a href="https://www.gov.uk/government/statistics/cyber-security-breaches-survey-20252026/cyber-security-breaches-survey-20252026#:~:text=Just%20over%20four%20in%20ten,UK%20charities%20%5Bfootnote%201%5D."><u>UK Cyber Security Breaches Survey</u></a>, which revealed that 43% of surveyed British businesses and 28% of charities reported suffering from a cyber incident this past year.</p><p>At the same time, frontier AI models are rapidly changing the security landscape, lowering the barrier to entry for attackers, and enabling more automated vulnerability scanning and more convincing phishing campaigns. Cloudflare has long been preparing for this shift. The defensive architecture we recently <a href="https://blog.cloudflare.com/frontier-model-defense/"><u>published</u></a> for frontier cyber models reflects the same principle: security has to evolve as quickly as the threats companies face. Every layer of that harness architecture, from ML-based attack scoring to Zero Trust access controls, is available to Cloudflare customers today.</p><p>Against that backdrop, the pledge does something essential: it recognizes that collective defense is critical. It asks organizations to make cyber resilience a leadership-level priority, to implement appropriate controls to boost threat awareness, and to help ensure supply chains meet a meaningful security baseline. Most breaches still exploit well-understood gaps, like unpatched systems, weak access controls, or poor vendor oversight. Encouraging more organizations to close those gaps through enhanced governance, monitoring, and implementation is a necessary starting point. </p><p>Cloudflare is fully aligned with the UK government's mission to elevate cybersecurity governance within companies and organizations of all sizes. Every organization that raises its baseline makes the Internet safer for everyone else. Our mission at Cloudflare is to help build a better Internet, and we have always believed that cybersecurity and resilience work best when they are universal. A more resilient Internet is a better Internet. </p>
    <div>
      <h2>Why resilience matters</h2>
      <a href="#why-resilience-matters">
        
      </a>
    </div>
    <p><a href="https://www.cloudflare.com/learning/security/what-is-cyber-resilience/#:~:text=Unlike%20organizations%20that%20focus%20on,can%20cause%20when%20they%20happen."><u>Cyber resilience</u></a> is increasingly recognized as a core business requirement. Customers expect services to be available at all times, responsive, and trustworthy. And that’s true even when the environment gets more challenging to operate in, whether from increased attacks, outages, abuse, or complexity. </p><p>Resilience ultimately is not just about recovering after something goes wrong. It is about designing security systems and operating models that can proactively track threat signals, seamlessly absorb disruptions, and adapt to be better. In this way, security and resilience are inseparable. Security controls are what make resilience real. </p>
    <div>
      <h2>How Cloudflare helps strengthen resilience through security</h2>
      <a href="#how-cloudflare-helps-strengthen-resilience-through-security">
        
      </a>
    </div>
    <p>Thanks to the scale of our network, we can help organizations build resilience by shifting protection closer to the edge, before threats reach core systems. We think about cyber resilience through a few core architectural principles:</p>
    <div>
      <h3>Security as a default, not a product tier</h3>
      <a href="#security-as-a-default-not-a-product-tier">
        
      </a>
    </div>
    <p>Cloudflare believes baseline security protections should be available to all and has been living that principle since our founding. We were the <a href="https://blog.cloudflare.com/introducing-universal-ssl/"><u>first</u></a> to offer SSL certificates, required for traffic encryption, to all users. We protect vulnerable voices through our Impact programs like <a href="https://www.cloudflare.com/galileo/"><u>Project Galileo</u></a> and the <a href="https://www.cloudflare.com/athenian/"><u>Athenian Project</u></a>. We continuously push the boundaries of Internet cryptography, including the <a href="https://blog.cloudflare.com/post-quantum-crypto-should-be-free/"><u>deployment of post-quantum cryptography</u></a> across our network. Our <a href="https://www.cloudflare.com/en-gb/plans/free/"><u>free plan</u></a> includes unmetered DDoS protection regardless of the size, duration, or volume of attacks, and also provides access to a global content delivery network (CDN) and DNSSEC. These capabilities have historically required expensive hardware and specialist security teams. But the pledge’s aim of elevating organizational resilience and raising the cyber resilience floor across the UK economy only works if small businesses, local authorities, public services, and startups can afford to participate. Our model directly supports that goal.</p>
    <div>
      <h3>The network is the sensor</h3>
      <a href="#the-network-is-the-sensor">
        
      </a>
    </div>
    <p>Because Cloudflare directly peers with more than 13,000 networks globally, we see attack patterns as they emerge. Threat intelligence collected in one part of the network can be turned into protection everywhere else in a matter of seconds. A threat detected while mitigating an attack on a customer in Singapore can become a rule that helps protect a customer in Sheffield moments later. That same visibility also helps improve how we detect, score, and respond to attacks across Cloudflare’s network and security services. Visibility at scale leads to resilience at scale for Cloudflare’s customers and network.</p>
    <div>
      <h3>Cloudflare is customer zero</h3>
      <a href="#cloudflare-is-customer-zero">
        
      </a>
    </div>
    <p>Our customers benefit from the exact same industry-leading security products and infrastructure that safeguard our own systems. Cloudflare employees use Cloudflare Access and Gateway to reach internal applications, and every request to an internal system requires hard key-based multi-factor authentication, posture checks, and cryptographically verified identity tokens. We test every security layer on ourselves first, and use our own internal learnings to build better security solutions for ourselves and our network. By integrating security into every level of the business, Cloudflare demonstrates a ground-up commitment that sits at the very heart of the pledge.</p>
    <div>
      <h3>Transparency and response</h3>
      <a href="#transparency-and-response">
        
      </a>
    </div>
    <p>Finally, resilience requires honesty and transparency when things go wrong and a commitment to strengthen systems for the future. When <a href="https://blog.cloudflare.com/how-cloudflare-mitigated-yet-another-okta-compromise/"><u>security incidents</u></a> or zero-day vulnerabilities emerge, we publish deep-dive technical postmortems on the Cloudflare Blog. We share indicators of compromise and architectural retrospectives, so the broader security community can learn from our telemetry. But transparency is only the first step. We treat every incident as a mandate to make our network more resilient. After a significant outage last fall, our <a href="https://blog.cloudflare.com/code-orange-fail-small-complete/"><u>Code Orange</u></a> effort mobilized engineering teams to rebuild for resilience. They designed systems to "fail small," and built new tooling to enforce safer configuration changes and automate best practices, so the same failure can't happen twice.</p>
    <div>
      <h2>How Cloudflare implements the Cyber Resilience Pledge commitments</h2>
      <a href="#how-cloudflare-implements-the-cyber-resilience-pledge-commitments">
        
      </a>
    </div>
    <p>As noted above, today’s voluntary pledge asks companies and organizations to commit to certain standards in board responsibility and governance, supply chain security, and the technical requirements under the UK’s <a href="https://www.cloudflare.com/trust-hub/compliance-resources/cyber-essentials/"><u>Cyber Essentials</u></a> certification scheme. As a global cybersecurity and network resilience provider, we operate an advanced internal cybersecurity governance model. </p>
    <div>
      <h3>Board responsibility and governance</h3>
      <a href="#board-responsibility-and-governance">
        
      </a>
    </div>
    <p>With cybersecurity and resilience at the core of Cloudflare's global business, we are proud to be a leader in <a href="https://www.cloudflare.com/the-net/top-of-mind-technology/security-boardroom/"><u>developing and advocating for</u></a> practices that strengthen cybersecurity at the board level.</p><p>Our Board of Directors treats cyber risk oversight as a core responsibility. Cloudflare’s Board receives cybersecurity briefings from our Chief Security Officer on at least a quarterly basis, including direct threat briefings. In addition, the Audit Committee of the Board receives quarterly briefings on enterprise risk management that include a specific focus on cyber risks and the company's process for regularly reviewing and mitigating cyber threats and risks.</p><p>We are grateful that DSIT's toolkit and resources are available to benchmark, reinforce, and support boards' ongoing governance efforts across the entire UK economy.</p>
    <div>
      <h3>Supply chain security and Cyber Essentials (CE)</h3>
      <a href="#supply-chain-security-and-cyber-essentials-ce">
        
      </a>
    </div>
    <p>Cloudflare adheres to rigorous international security compliance certifications. We require our supply chain to meet comprehensive international standards that incorporate and build upon the core requirements of Cyber Essentials. Cloudflare manages vendor risk globally, prioritizing comprehensive international security frameworks that encompass and exceed the fundamental technical controls of the Cyber Essentials program.</p><p>More specifically, Cloudflare requires critical suppliers to adhere to rigorous, internationally recognized security compliance certifications and reports — primarily ISO 27001 and SOC 2 Type II. These frameworks explicitly require the implementation of firewalls, secure configurations, user access controls, malware protection, and patch management (the five core pillars of Cyber Essentials).</p><p>Cloudflare will continue to use a risk-based methodology to evaluate suppliers. We commend DSIT for expanding access to the Cyber Essentials Supplier Check Tool, which Cloudflare can adopt for localized supply chain validation within the UK. And for global suppliers where UK Cyber Essentials is not a native or practical certification, Cloudflare will accept equivalent international certifications (like ISO 27001) as sufficient verification of a robust security posture. These practices help ensure that Cloudflare's critical supply chain undergoes stringent security vetting, meeting the risk-reduction outcomes intended by Cyber Essentials.</p>
    <div>
      <h2>Onward</h2>
      <a href="#onward">
        
      </a>
    </div>
    <p>Cyber resilience is not a one-time pledge — it is a continuous practice of building systems that fail safely, recover quickly, and learn to be better. For organizations across the UK, it means making cybersecurity a business-critical priority, with leadership buy-in, teams that understand the threats they face, and supply chains managed for risk. The pledge sets a baseline that every organization should strive to meet.</p><p>Cloudflare built its platform on the belief that security and resilience should be universal and available to both the smallest developer and the largest enterprise. We are proud to stand with DSIT and the other signatories of this pledge, and look forward to continued partnership and innovation to elevate cyber resilience across the UK and around the globe.</p> ]]></content:encoded>
            <category><![CDATA[United Kingdom]]></category>
            <category><![CDATA[Cybersecurity]]></category>
            <category><![CDATA[Policy & Legal]]></category>
            <category><![CDATA[Security]]></category>
            <guid isPermaLink="false">3xHevpKOOM76zUSrlPcQno</guid>
            <dc:creator>Katie Visser</dc:creator>
            <dc:creator>Ling Wu</dc:creator>
        </item>
    </channel>
</rss>