UK Cybersecurity Market Hits £14.7bn, Fueled by AI Growth

The UK’s cybersecurity sector has reached a new milestone, generating £14.7bn ($19.9bn) in revenue last year, according to a government update released on May 13. The industry contributed £9.1bn ($12.3bn) to the national economy in gross value added, a 17% increase year-over-year, and now supports nearly 70,000 jobs, up 3%.

The number of active cybersecurity firms in the UK has grown to an estimated 2,603, representing a 20% annual rise. Notably, the number of companies offering AI-powered cybersecurity products and services surged by 68% to 111, reflecting the growing role of artificial intelligence in the sector.

“The UK has a world‑class cyber sector that is creating skilled jobs and protecting our economy – and government is doing more by investing in its own defenses, legislating to require more of essential services and setting clear national standards,” said cybersecurity minister Baroness Lloyd.

“As threats evolve, businesses of all sizes need to step up and take practical action now. The Cyber Resilience Pledge is a clear call for companies to strengthen their defenses, protect their customers and play their part in keeping the UK secure and competitive.”

The pledge, unveiled at the CYBERUK conference in Glasgow last month and set to launch officially later this year, encourages organizations to take three concrete actions: make cybersecurity a board-level responsibility, sign up to the National Cyber Security Centre’s free Early Warning Service, and require Cyber Essentials certification across their supply chains.

Ministers have written to some of the UK’s largest companies inviting them to sign up, though some experts have criticized the voluntary approach as insufficient to address the scale of the problem.

AI Changes the Game

The push for greater resilience comes as powerful new models like Mythos Preview and GPT-5.5 threaten to escalate the arms race between defenders and attackers. A recent report from the AI Security Institute (AISI) on Mythos Preview concluded that it remains unclear whether the model can successfully attack “well-defended systems.” The AISI urged organizations to double down on security best practices, reducing their attack surface and limiting breach impact.

Recommendations include machine-speed system scans to identify and fix misconfigurations and vulnerabilities, enhanced threat detection, and automated response actions. The government also encouraged UK companies to collaborate with domestic startups to adopt advanced solutions, such as memory-safe systems.

New Regulation Set to Land Soon

To bolster resilience among critical infrastructure providers, the government is advancing legislation. The Cyber Security and Resilience Bill will continue its parliamentary journey following the King’s Speech on May 13.

Meredith Burkhart, senior director for government affairs and public policy at Halcyon, stressed the high stakes. “The cost of inaction on ransomware is measured not just in pounds but also patient and business outcomes,” she said. “The UK’s Cyber Security and Resilience Bill, with its focus on incident reporting, MSP accountability, and essential service protections, mirrors steps the US is also taking through the Cyber Incident Reporting for Critical Infrastructure Act. Getting these frameworks right, and harmonized across allied nations, matters enormously for our shared ability to hold ransomware criminals accountable.”