AI-fuelled cyber-attacks set to surge against UK firms
Cybersecurity leaders expect UK organisations to face faster, more sophisticated cyber-attacks in 2026, as AI-driven threats combine with persistent skills shortages and underinvestment in basic defences.
Dave Spence, Cybersecurity Leader at DXC Technology UKI, said the volume and severity of incidents in the past year had pushed the sector to what he described as a "critical tipping point" and warned that many companies still lack essential protections.
Recent figures from the UK government show that 43% of businesses experienced a cyber-attack in the past year. Security specialists say this level of exposure is reshaping boardroom priorities and driving renewed attention on resilience, incident response and regulatory compliance.
Ransomware pressures
Ransomware incidents remain a central concern for large organisations and regulators. Spence highlighted high-profile cases, including the attack on Jaguar Land Rover, as examples of the growing national impact of disruption to critical industries and supply chains.
Attackers are also demanding larger payments. Spence pointed to evidence that average ransomware payouts now exceed USD $1 million, which is adding pressure on corporate finances, insurance negotiations and recovery plans.
"With the UK government reporting that 43% of businesses experienced a cyber-attack in the past year, it's safe to say the cybersecurity landscape has reached a critical tipping point in 2025. Threats are not only more frequent but increasingly sophisticated and being accelerated by the use of AI. The impacts of ransomware incidents are also becoming a national concern, as exemplified by the recent event at Jaguar Land Rover, and average payouts are now exceeding $1million further increasing the financial impact of cyberattacks," said Dave Spence, Cybersecurity Leader, DXC Technology UKI.
Security teams report that attackers are moving more quickly once they gain access to systems. That has increased the focus on detection and response speeds, as well as containment procedures and recovery planning.
Policy and regulation
Spence said the rapid pace of breaches is strengthening the business case for updated security frameworks and fresh legislative action. The Cyber Security Resilience Bill, which was recently introduced in parliament, aims to raise standards and set clearer expectations for organisations that manage sensitive data and critical services.
Companies are reviewing how they align with these evolving requirements. Many are revisiting risk assessments, governance structures and reporting processes as regulators increase scrutiny of cyber preparedness.
Spence said organisations will face significant investment choices in 2026 as they seek greater resilience. He argued that many still grapple with essential controls such as regular patching and multi-factor authentication, and continue to face internal challenges when they request appropriate security budgets.
Skills gap concerns
Industry surveys have repeatedly highlighted shortages of experienced security staff in the UK market. Spence said the gap between demand and available talent remains a major constraint on organisations that want more mature security operations.
He linked the skills shortage with budget limits, which he said restrict the ability of companies to hire, train and retain specialists in areas such as incident response, threat hunting and security architecture.
Spence warned that these pressures leave organisations exposed. He said the mix of constrained talent and constrained budgets has become a clear business challenge and argued that security cannot rely on partial measures.
"Breaches are occurring at unprecedented speed, creating a clear business case for modernised security frameworks and new legislation such as the Cyber Security Resilience Bill that was recently introduced in parliament. In 2026, organisations will need to make critical decisions about where to make investments to accelerate their resilience. Many businesses still struggle with the basics (such as patching and multi-factor authentication) and making the case for adequate budgets. The lack of investment is reflected in the cybersecurity teams themselves, where the skills gap is persisting and organisations are unable to find, or afford, the talent that they need to stay ahead. The mix of talent and budget is a clear business challenge since cybersecurity is not the type of area where "close enough" means "good enough,"" said Spence.
AI in security operations
As threats grow in volume and complexity, interest is rising in the use of AI within security operations centres. Spence said organisations are examining agentic AI tools that can automate parts of monitoring, investigation and remediation workflows.
Security teams often manage a continuous stream of alerts, many of which are false positives but some of which indicate active compromise. Spence said the pressure on analysts is intense and organisations cannot afford to miss critical signals that may point to major breaches.
"Increasingly organisations are turning to new technologies to help them close the gaps with the same or less money. An area in Cybersecurity where interest is peaking is in using agentic AI in security operations and monitoring. These teams face an endless stream of alerts that could either be nothing or the next big breach. Organisations cannot afford to let anything slip through the cracks. Agentic AI can reduce manual processing bottlenecks and increase consistency in analysis by handling time intensive tasks like investigation and remediation ensuring analysts focus only on what truly matters. The impact is significant: companies can save 30 minutes to 2.5 hours per investigation and cut analyst tickets by over 90%. If organisations want to win the cyber battle, the speed of response needs to match the ever-accelerating speed of attack," said Spence.
Spence said the coming year will test how quickly organisations can adjust their security postures, close basic control gaps and adopt selective automation as attack speeds continue to rise.
