British companies are preparing to lift cybersecurity spending sharply over the next year as artificial intelligence, geopolitical shocks and supply-chain disruption turn digital resilience into a boardroom priority.A survey of 1,000 senior decision-makers found that 68 per cent of UK firms expect to increase cybersecurity investment over the next 12 months. The shift comes as companies try to balance the productivity gains from AI and automation with the higher exposure created by faster adoption of new technologies, cloud systems and digital supply chains.
Cybersecurity has moved from a defensive IT function to a core business risk issue. Almost half of firms said new technologies were increasing their exposure to cyber threats, while fewer than three in 10 expressed confidence in their ability to respond to a major cyber incident. The findings point to a widening gap between the speed of technology deployment and the maturity of corporate resilience planning.
Large companies are leading the spending push. More than a third of large firms have increased cybersecurity investment since the start of 2026, compared with about a quarter of smaller businesses and a small share of micro firms. Average cybersecurity spending so far this year stood at about £505,000, rising to around £1.3 million for large businesses, £134,000 for small firms and £15,000 for micro enterprises.
Artificial intelligence is a central driver of the new spending cycle. More than half of companies said AI and automation had improved productivity, with staff spending less time on administrative tasks, making faster decisions and focusing more on higher-value work. Over six in 10 firms said they were using agentic AI, a form of technology that can perform tasks with greater autonomy than conventional software tools.
The same adoption curve is creating fresh vulnerabilities. Companies cited accuracy and reliability of AI outputs, data security, cybersecurity risks and implementation costs among their main concerns. Over the next two years, firms plan to use AI for data analysis and forecasting, administrative automation, customer experience and cybersecurity, showing that the technology is becoming both a source of risk and a tool for managing it.
Matt Hammerstein, chief executive of Barclays UK Corporate Bank, said businesses were operating in an environment where uncertainty had become the norm. He said geopolitical instability and high costs were feeding directly into cashflows, borrowing decisions and investment plans, but companies were still prioritising investment that strengthened resilience, productivity and long-term competitiveness.
The broader risk environment has intensified pressure on boards. UK businesses are facing higher energy and fuel costs, shipping disruption and supply-chain stress linked to conflict in the Middle East. Eight in 10 firms reported a negative impact from the conflict, while one in five said they were pausing investment plans because of geopolitical uncertainty. More than a third expect to pass higher costs to customers through price increases.
Small businesses appear to be responding defensively by cutting borrowing and increasing savings to build financial buffers. Larger firms are taking a different path, increasing longer-term borrowing while reducing savings, a pattern that suggests bigger companies are still willing to fund strategic technology investments despite market uncertainty.
Cyber threats remain widespread across the UK economy. More than four in 10 businesses identified a cyber breach or attack over the past year, equivalent to hundreds of thousands of companies. Phishing remains the dominant form of cyber crime, but ransomware, hacking, denial-of-service attacks and malware continue to pose risks, particularly where organisations lack formal incident response plans.
Governance is improving, though unevenly. Cybersecurity is treated as a high priority by senior management in about seven in 10 businesses, but board-level responsibility is still far from universal. Formal incident response plans are more common among large companies than among micro and small firms, leaving many businesses reliant on informal procedures when attacks occur.
The UK cybersecurity sector is also expanding as demand rises. Annual sector revenue is estimated at about £14.7 billion, up by 11 per cent from the previous year, while exports have grown strongly. Specialist providers focused on cybersecurity for AI remain a small part of the market but are growing quickly as companies seek protection for machine-learning systems, automated decision tools and data pipelines.
Topics
Technology