As AI-powered cyber-attacks are a top risk for UK cybersecurity professionals, investment priorities over the next 12 to 24 months is set to focus on AI and advanced threat preparedness.
This according to new findings from ManageEngine which surveyed 1500 IT and business decision-makers across the UK, Spain, Germany, Italy and the Netherlands.
The firm found that 43% of UK respondents identified AI-powered attacks as their single biggest risk over the next 12 months, ahead of traditional threats such as ransomware, phishing and data breaches.
The top spending commitment cited by 41% of UK respondents is set to focus on tackling AI and advanced threats.
ManageEngine said AI-powered attacks are the top predicted risk in Germany and Spain also, with investment priorities aligned accordingly across all five countries surveyed.
Cyber Incidents Surge as Skills Gap Widens
The research also found that more than three quarters (77%) of UK businesses have suffered a cyber incident in the past year. This was 11 points higher than the rest of the European nations surveyed.
In the UK, 46% of respondents cited a skills gap driven by rapidly evolving threats as their primary operational challenge. Over nine percentage points higher than other European nations surveyed.
VimalRaj Sampathkumar, technical head, UKI, ManageEngine, said, “UK organizations are facing one of the most challenging cyber threat environments in Europe, with attacks growing in both volume and sophistication.”
However, he noted that the findings also show businesses are responding proactively, investing in resilience, strengthening governance and prioritising preparedness for AI-driven threats.
Firms in the UK reported the highest levels of formal review processes, backup strategies and resilience framework adoption of any country surveyed, with 67.9% implementing a formal resilience methodology.
“The focus now must be on turning that investment into operational readiness through better visibility, stronger skills, and more integrated resilience strategies,” Sampathkumar.
Team fatigue and burnout was cited as a key challenge by 29% of UK respondents, the highest rate in Europe, alongside insufficient management support, also at 29%. Both figures are above the European averages of 21%.
Read more: Why Burnout in Cybersecurity Demands Risk-Based Response
Finally, the company found that UK organizations lead in executive cybersecurity engagement, yet board involvement remains largely reactive.
One in five reported limited or no engagement, while only a third describe leadership as consistently proactive.
Post-incident responses reveal similar caution: although most conduct reviews and implement fixes, 13% make no strategic changes and just 37% pursue long-term improvements.
The research also highlights a widening gap between detection and recovery. While 94% of incidents are identified within 24 hours, recovery often lags, with over a quarter taking more than 10 days and some exceeding 20, underscoring persistent resilience challenges despite strong detection capabilities.