Cyber Security · 15 May 2026

UK Government Launches Cyber Resilience Pledge as Cybersecurity Sector Hits £14.7 Billion in Revenue Growth

By Markelly AI · 15 May 2026

The UK government has launched a new Cyber Resilience Pledge that sets out three concrete actions organisations should be taking: making cyber security a board-level responsibility, signing up to the NCSC Early Warning Service, and requiring Cyber Essentials certification across their supply chains. The voluntary initiative comes as the UK cybersecurity sector generated revenues of £14.7bn in 2025, with the industry contributing £9.1bn to the national economy in gross value added, up 17% annually, and now employs nearly 70,000 people, up 3%.

Rapid Growth in UK Cybersecurity Industry

There are an estimated 2,603 cybersecurity firms active in the UK, representing 20% year-on-year growth. This expansion reflects the increasing demand for security solutions as cyber threats continue to evolve and intensify across the country. The number of UK firms offering cybersecurity products and services for AI grew by an estimated 68% annually to 111. This remarkable surge in AI-focused security companies demonstrates how the industry is rapidly adapting to emerging technological challenges and positioning itself at the forefront of innovation in protecting against next-generation threats.

In terms of investment, £184 million was raised across 47 deals within dedicated cyber firms in 2025, and the sector now employs the equivalent of 69,600 full-time workers, up 3% since last year, in an increase of around 2,300 jobs. The economic impact extends beyond direct employment, as the sector continues to play an increasingly vital role in protecting businesses and critical infrastructure from malicious actors.

Three Key Actions for UK Businesses

The Cyber Resilience Pledge represents a clear call to action for organisations of all sizes. The voluntary pledge includes three actions that organisations must take: make cybersecurity a board level concern, join the National Cyber Security Centre Early Warning Service, and enforce Cyber Essentials certification across supply chains. By elevating cybersecurity to the boardroom level, companies are expected to integrate security considerations into strategic decision-making processes rather than treating it as merely a technical issue relegated to IT departments.

The move is intended to help businesses reduce risk, protect their customers and build confidence across the wider economy. The Early Warning Service provides organisations with timely threat intelligence and alerts about emerging cyber threats, enabling them to take preventive action before attacks occur. Meanwhile, requiring Cyber Essentials certification across supply chains addresses one of the most vulnerable aspects of modern business operations, where third-party vendors and partners can inadvertently create security weaknesses.

Government Push for Stronger Corporate Defenses

Cyber security minister Baroness Lloyd emphasised the urgency of the situation. Baroness Lloyd said that as threats evolve, businesses of all sizes need to step up and take practical action now, and that the Cyber Resilience Pledge is a clear call for companies to strengthen their defences, protect their customers and play their part in keeping the UK secure and competitive. The minister highlighted how the business landscape has fundamentally shifted, with cybersecurity no longer being optional but essential for survival and growth in the digital economy.

Baroness Lloyd said that cyber security is now fundamental to economic growth, job creation and the resilience of the services people rely on every day, and that the UK has a world-class cyber sector that is creating skilled jobs and protecting the economy while government is doing more by investing in its own defences, legislating to require more of essential services and setting clear national standards. This comprehensive approach combines voluntary industry participation with legislative requirements for critical sectors.

Legislative Framework and National Standards

The government is also using legislation to force improvements in resilience for the nation’s most critical infrastructure providers, as the Cyber Security and Resilience Bill will continue its passage through parliament following the King’s Speech on May 13. This legislation represents a significant step in hardening the country against cyber threats by mandating specific security requirements for organisations that operate essential services.

The government urged business leaders to harness the expertise and innovation of this new wave of startups to drive adoption of more secure technology, such as the use of memory safe programming languages such as Java or Rust, which can help protect against illicit memory access by bad actors. This recommendation addresses fundamental security vulnerabilities that have plagued software development for decades, with memory-safe languages preventing entire categories of exploits that hackers commonly use to breach systems.

Addressing Evolving Threats with AI and Advanced Tools

Organisations acting on the measures in the pledge should be better protected against common attacks and supply chain vulnerabilities, particularly as evidence is mounting about the use of AI by threat actors to speed up the attack process. The weaponisation of artificial intelligence by cybercriminals has created a new arms race, where automated tools can probe systems for weaknesses far more rapidly and efficiently than human operators ever could.

Westminster highlighted research undertaken by the AI Security Institute and warned that traditional cyber protections alone are no longer enough. This stark warning underscores the reality that defensive strategies must evolve in lockstep with offensive capabilities. Organizations can no longer rely solely on perimeter defenses and conventional security tools when facing adversaries equipped with sophisticated AI-powered attack frameworks that can adapt and learn from their attempts.

Scale of the National Cyber Threat

The NCSC dealt with 204 nationally significant cyberattacks against the UK in the year to August 2025. This figure represents a substantial increase in serious incidents requiring government intervention and coordination, reflecting the growing sophistication and frequency of attacks targeting British organisations and infrastructure. The sheer volume of nationally significant incidents demonstrates that cyber threats are not merely theoretical risks but active and ongoing challenges facing the country on a daily basis.

The combination of voluntary pledges, legislative requirements, and a thriving domestic cybersecurity industry represents a multi-layered approach to national cyber defense. By encouraging businesses to adopt best practices while simultaneously mandating security standards for critical infrastructure and fostering innovation in the security sector, the UK government aims to create a more resilient digital ecosystem capable of withstanding increasingly sophisticated threats from state-sponsored actors and criminal organisations alike.