The UK government has hailed the continued growth of its burgeoning cybersecurity sector, which generated revenues of £14.7bn ($19.9bn) last year.

In an update published on 13 May, the government said that the cybersecurity industry contributed £9.1bn ($12.3bn) to the national economy in gross value added, up 17% annually, and now employs nearly 70,000 people, up 3%.

Today, there are an estimated 2603 cybersecurity firms active in the UK, representing 20% year-on-year growth. The number of UK firms offering cybersecurity products and services for AI grew by an estimated 68% annually to 111.

Read more on UK cybersecurity: Cyber-Attacks on UK Firms Increase at Four Times Global Rate.

“The UK has a world‑class cyber sector that is creating skilled jobs and protecting our economy – and government is doing more by investing in its own defenses, legislating to require more of essential services and setting clear national standards,” said cybersecurity minister, baroness Lloyd.

“As threats evolve, businesses of all sizes need to step up and take practical action now. The Cyber Resilience Pledge is a clear call for companies to strengthen their defenses, protect their customers and play their part in keeping the UK secure and competitive.”

The pledge was unveiled at the CYBERUK conference in Glasgow last month. Set to launch officially later this year, it encourages organizations to take three concrete actions to boost their cyber resilience:

• Make cybersecurity a board-level responsibility 
• Sign up to the National Cyber Security Centre’s free Early Warning Service 
• Require Cyber Essentials certification across their supply chains

The government said ministers have written to some of the UK’s largest companies inviting them to sign up to the Cyber Resilience Pledge, although some experts have criticized the voluntary approach as not enough to address the scale of the problem.

AI Changes the Game

The calls for greater resilience come as powerful new models like Mythos Preview and GPT-5.5 threaten to start a new arms race between network defenders and threat actors.

A recent AI Security Institute (AISI) report on Mythos Preview claimed the jury’s still out on whether the model can successfully attack “well-defended systems.” In the meantime, it urged organizations to double down on security best practices to reduce their attack surface and limit the impact of breaches.

The AISI recommended “machine-speed” system scans to identity and fix misconfigurations and vulnerabilities, enhanced threat detection, and automated response actions.

The government urged UK companies to work with the country’s startups to adopt advanced solutions like more secure memory-safe systems.

New Regulation Set to Land Soon

The government is also using legislation to force improvements in resilience for the nation’s most critical infrastructure providers.

The Cyber Security and Resilience Bill will continue its passage through parliament following the King’s Speech on May 13.

The cost of inaction on ransomware in particular is measured not just in pounds but also patient and business outcomes, argued Halcyon's senior director for government affairs and public policy, Meredith Burkhart.

“The UK's Cyber Security and Resilience Bill, with its focus on incident reporting, MSP accountability, and essential service protections, mirrors steps the US is also taking through Cyber Incident Reporting for Critical Infrastructure Act,” she added.

“Getting these frameworks right, and harmonized across allied nations, matters enormously for our shared ability to hold ransomware criminals accountable.”