Approximately 69,600 full-time equivalent employees work in cyber security roles across the identified UK cyber security firms, an increase of about 2,300 jobs (3%) in the last 12 months.

GVA per employee in the UK cyber security sector increases from £116,200 to £131,200, a 13% rise.

In 2025, dedicated cyber security firms raised £184 million across 47 deals.

Over the next 12 months, organizations expect AI agents to increase by 85% and machine identities to increase by 77%, compared to the 56% growth in human identities.

47% of technology leaders report that customers are often or very often the first to detect service degradation or outages.

Ransomware payouts now average $40 million, nearly triple their level in 2024.

Regulatory fines average $51 million per organization.

57% of technology executives view regulatory fines as very or prohibitively disruptive.

36% of security leaders say downtime is often or very often misclassified as an IT issue.

The up-front cost of replacing technical professionals is typically 80% of their salary.

40% of organizations report being understaffed in cybersecurity and compliance.

43% of organizations say security concerns prevent them from getting value from AI, while 36% cite cost management challenges, 34% cite a general skills gap, and 30% cite legacy systems limitations.

Over 48,000 new CVEs were disclosed in 2025, a 20% year-over-year increase.

Injection (CWE-74) occurrences grew 3,110%.

66% of analyzed CVEs had minimal real-world applicability.

Only 40% of organizations have adopted malicious package detection.

53% of organizations self-host models from sources where malicious payloads have been detected.

45% of IT leaders believe AI has increased cyber risk significantly.

30% of executives and board members believe AI has increased cyber risk significantly.

51% of Americans aged 65 and older are extremely concerned about AI-powered fraud.