The UK government reported that its cybersecurity sector generated £14.7 billion ($19.9 billion) in revenue during the past year, contributing £9.1 billion to the national economy in gross value added, a 17% annual increase. The industry now employs nearly 70,000 people across an estimated 2,603 active cybersecurity firms, representing 20% year-on-year growth in company numbers. Notably, UK firms offering AI-focused cybersecurity products and services grew by 68% annually to reach 111 companies.
The government unveiled the Cyber Resilience Pledge at the CYBERUK conference in Glasgow, set to launch officially later this year. Cybersecurity minister Baroness Lloyd emphasized that businesses of all sizes need to take practical action as threats continue to change. Ministers have written to some of the UK's largest companies inviting them to participate, though the voluntary nature of the pledge has drawn criticism from experts who argue it does not adequately address the scale of current security challenges.
Security concerns have intensified with the emergence of powerful AI models like Mythos Preview and GPT-5.5, which threaten to accelerate the arms race between network defenders and threat actors. A recent AI Security Institute (AISI) report on Mythos Preview indicated uncertainty about whether the model can successfully attack well-defended systems. The AISI recommended machine-speed system scans to identify and fix misconfigurations and vulnerabilities, enhanced threat detection capabilities, and automated response actions to reduce attack surfaces and limit breach impacts.
The Cyber Security and Resilience Bill will continue its passage through parliament following the King's Speech on May 13, representing the government's legislative approach to forcing improvements in resilience for critical infrastructure providers. The bill focuses on incident reporting requirements, managed service provider accountability, and protections for essential services. Industry observers note similarities between this UK legislation and the US Cyber Incident Reporting for Critical Infrastructure Act.
Security experts stress that the cost of inaction on ransomware extends beyond financial losses to affect patient care and business operations. Harmonizing these regulatory frameworks across allied nations is considered vital for holding ransomware criminals accountable. The government has encouraged UK companies to work with domestic startups to adopt advanced solutions, including more secure memory-safe systems, as part of a broader strategy to strengthen national cyber defenses.
Source: https://www.infosecurity-magazine.com/news/uks-cyber-sector-grows-revenue-11/