UK companies have opened their wallets wide for artificial intelligence projects and cybersecurity upgrades. They do so even as many acknowledge the new tools could create fresh openings for attackers. Short. Direct. The numbers tell a story of ambition mixed with unease.
According to a TechRadar report published today, around two-thirds of businesses plan to lift cybersecurity budgets over the next 12 months. Cloud, cyber and AI together make up 44 percent of planned technology spending. More than half of firms already report productivity gains from AI. Yet nearly half worry that adopting these technologies heightens their exposure to attacks.
Barclays surveyed 1,000 decision-makers in April and May 2026 for its Q1 Business Prosperity Index. The bank found average cybersecurity spending this year has hit £505,000. For larger organisations that figure climbs to £1.3 million. Smaller firms spend far less. Still, 36 percent of large companies have already boosted cyber budgets in 2026. Only 26 percent of small businesses and 4 percent of micro businesses have done the same. Infosecurity Magazine detailed these figures on May 27.
Productivity wins appear real. Fifty-two percent of companies say AI has improved administration, decision-making and time for higher-value tasks. Sixty-one percent now deploy agentic AI in daily workflows. And yet concerns linger. Twenty-six percent fret about the accuracy and reliability of AI outputs. Twenty-four percent point to specific data security and cybersecurity dangers from rolling out the technology. Forty-six percent overall believe new tools increase their vulnerability.
Confidence meets caution
Eighty-two percent of leaders claim their cybersecurity measures keep pace with technological change. But that assurance cracks when pressed. Almost half admit new systems could open doors. Geopolitical tensions add pressure. Four in five business leaders report negative effects from conflict in the Middle East. One in five now fears they may need to pause investments altogether. Matt Hammerstein, CEO of Barclays UK Corporate Bank, put it plainly. “Uncertainty has become the norm.” Firms respond by tightening discipline, guarding cash and directing money toward resilience and long-term strength.
The UK government’s own data reinforces the picture. Its Cyber Security Breaches Survey 2025/2026, released in recent months, shows 43 percent of businesses suffered a breach or attack in the past year. That equals roughly 612,000 organisations. Phishing dominates. It accounts for the vast majority of incidents and causes the most disruption. Only 31 percent of businesses assign board-level responsibility for cybersecurity. Fifteen percent review risks from immediate suppliers. Just 6 percent look further down the chain. GOV.UK published the full survey findings.
AI adoption sits at 31 percent of businesses using, implementing or considering the technology. Of those, only 24 percent maintain dedicated cybersecurity practices to handle the associated risks. The gap stands out. Government researchers and the National Cyber Security Centre have warned that AI can amplify threats. Adversaries use it to craft convincing deepfakes, automate phishing at scale and probe systems faster than humans can respond. A separate KPMG Global Tech Report 2026 found cybersecurity ranks as the top area for budget increases among UK organisations this year. More than half of tech executives plan double-digit rises. Paul Henninger, Head of Technology and Data at KPMG UK, noted the shift. He said organisations are “putting real money behind cyber resilience.” The KPMG press release appeared in January.
Sector analysis from the Department for Science, Innovation and Technology adds depth. The 2026 cyber security sectoral report highlights explosive demand for services that both use AI to detect threats and secure AI systems themselves. Firms report moving from one-off AI security projects to steady pipelines. Penetration testing of AI applications, risk consultancy and training on safe adoption now form regular work. Venture capital investors quoted in the report see opportunity. One said there is “a real opportunity to lead both in AI and AI security.” The full analysis sits at GOV.UK.
Yet readiness varies sharply by size. Large enterprises treat AI and cybersecurity as joint priorities, each cited by 24 percent as future funding targets. Smaller outfits lag. Many micro businesses still allocate tiny sums to protection. They build cash reserves first. The Barclays data shows this staggered approach. It also reveals that 68 percent of all leaders expect higher cyber outlays ahead. Geopolitical uncertainty and rapid AI rollout drive the surge.
Costs of failure remain high. The IBM Cost of a Data Breach Report, referenced across recent coverage, puts the average UK breach at £3.4 million. Ransomware, supply-chain compromises and AI-powered social engineering top threat lists compiled by consultancies such as CACI. The National Cyber Security Centre has assessed that AI will shape threats through at least 2027, enabling faster, more targeted campaigns. Its report appears at NCSC.
Businesses find themselves in a race. They race to capture AI gains while racing to close the gaps those gains create. Some invest in AI-native defences against deepfakes and vishing. Others focus on guardrails, prompt injection protection and detection of shadow AI. The UK cyber sector itself grows. It generated £13.2 billion in revenue last year and added thousands of jobs. Much of that expansion ties to AI-related services.
So the spending continues. Budgets rise. Confidence is expressed in public. But behind closed doors, half the leaders admit worry. New technologies promise efficiency and insight. They also hand adversaries powerful new instruments. UK firms bet that heavier investment in both AI and its protection will deliver advantage. The coming quarters will test whether that bet pays off or simply shifts the attack surface. And the numbers keep climbing.
WebProNews is an iEntry Publication