Skip to main content
Cybersecurity

UK Cybersecurity Market Booms as Government Targets Enhanced Resilience

Young professionals and entrepreneurs work on laptops in a bustling office with a cityscape background.

“The UK has a world‑class cyber sector that is creating skilled jobs and protecting our economy – and government is doing more by investing in its own defenses, legislating to require more of essential services and setting clear national standards,” said cybersecurity minister, baroness Lloyd.

Economic scale: £14.7bn in revenue, rising employment

The UK’s cybersecurity market generated £14.7bn ($19.9bn) in revenue last year, the government reported on 13 May. That activity produced £9.1bn ($12.3bn) in gross value added — a 17% annual increase — and supported nearly 70,000 jobs, up 3% year‑on‑year. The government also estimated there are 2,603 cybersecurity firms active in the UK, a 20% increase compared with the prior year.

AI security firms surge: 111 companies and 68% growth

Within that expanding sector, firms offering cybersecurity products and services tailored to AI grew sharply. The number of UK companies in that niche rose an estimated 68% annually to 111. The government and industry officials framed that expansion as both an economic opportunity and a response to new technical risks associated with powerful models such as Mythos Preview and GPT-5.5.

Technical recommendations from the AI Security Institute

The AI Security Institute (AISI) cautioned that “the jury’s still out on whether” Mythos Preview can successfully attack “well‑defended systems,” and urged organisations to harden their setups regardless. AISI recommended “machine‑speed” system scans to identify and fix misconfigurations and vulnerabilities, enhanced threat detection, and automated response actions. The government encouraged UK companies to work with domestic startups to adopt advanced solutions, including “more secure memory‑safe systems.”

Cyber Resilience Pledge and the push for voluntary action

The government unveiled a voluntary Cyber Resilience Pledge at the CYBERUK conference in Glasgow last month and said it will launch officially later this year. The pledge asks organisations to take three concrete steps: make cybersecurity a board‑level responsibility; sign up to the National Cyber Security Centre’s free Early Warning Service; and require Cyber Essentials certification across their supply chains. Ministers have written to some of the UK’s largest companies inviting them to sign up, though the government acknowledged critics who say a voluntary approach will not be enough.

How policymakers and enterprises are responding

  • Policymakers: The Cyber Security and Resilience Bill will continue its passage through parliament following the King’s Speech on 13 May, signalling a parallel legislative route to raise resilience for critical infrastructure providers.
  • Enterprises and procurement leaders: Ministers’ letters and the Cyber Resilience Pledge are direct asks to large companies to adopt board‑level responsibility, the National Cyber Security Centre’s Early Warning Service, and Cyber Essentials across supply chains.
  • Government‑facing public policy advocates: Halcyon’s senior director for government affairs and public policy, Meredith Burkhart, warned of measurable costs from inaction on ransomware and argued the Bill’s focus on incident reporting, MSP accountability, and essential service protections mirrors steps abroad. She said harmonising frameworks across allied nations “matters enormously for our shared ability to hold ransomware criminals accountable.”

The record assembled in the government update shows a market growing in size and in technical focus, driven in part by concerns about advanced AI models and by parallel incentives: voluntary commitments on resilience and an impending law aimed at critical providers. The next measurable developments to watch are the official launch of the Cyber Resilience Pledge later this year and the Cyber Security and Resilience Bill’s further progress through parliament after the King’s Speech on 13 May. Together, those steps will test whether a mix of market growth, voluntary sign‑up and legislation can keep pace with the threats sketched by AISI and the sector’s own rapid expansion.

https://www.infosecurity-magazine.com/news/uks-cyber-sector-grows-revenue-11/