DSIT cyber security newsletter - May 2026
Published 21 May 2026
1. Director’s message
It was great to see so many of the UK cyber community come together at the CyberUK event in Glasgow a few weeks ago. With threats evolving quickly, these conversations between government, industry and academia are more important than ever.
A key topic of conversation was the rapid development of AI capabilities and its impact on cyber security. This brings into sharp focus the ongoing need to ramp up UK cyber resilience and the increasing importance of ensuring firms are developing software and technology which is secure by design. The government has been very active in this area and I’d like to draw your attention to the recent ministerial letter to businesses on AI, and the work of our AI Security Institute which is testing and evaluating new AI models.
I’d also like to congratulate Hacktonics, a spin‑out from the University of Bristol, on winning this year’s Cyber Den competition at CyberUK. Their success shows the strength of the UK’s cyber innovation pipeline and the value of turning research into practical solutions. Hacktonics are part of a rapidly growing UK cyber security industry: new figures we published earlier this month show revenue in the sector grew by 11% last year, with 2,300 new jobs created.
Finally, many of you will have noticed the Security Minister say in his CyberUK speech that a full National Cyber Action Plan will be published this summer. We’re looking forward to that, along with further Parliamentary progress on the Cyber Security and Resilience Bill which, as announced in the recent King’s Speech, will return to Parliament during the second session.
As always, thank you for your support and engagement.
Rod Latham
Director, Cyber Security
2. New figures show strong growth in the UK cyber security sector
New statistics from the UK cyber security sectoral analysis 2026 show strong growth in the sector, with cyber firms generating revenue of £14.7 billion, up 11% on last year. The number of companies is up 20% to 2,603 whilst the sector has created 2,300 new jobs, bringing total direct employment in the sector to 69,600 people.
For more information, including details on investment in the sector and how the use of AI is growing, read the press notice and full statistics report.
3. Ministers warn businesses to act on AI‑driven cyber threats
Ministers have written an open letter to business leaders warning that artificial intelligence is accelerating cyber threats, making attacks faster, cheaper and easier to scale. New AI tools can now find software vulnerabilities and help generate exploits at a speed that would have been impossible even a year ago.
The letter stresses that while the technology is changing, the targeted weaknesses often remain the same — unpatched systems, weak credentials and poor governance. Ministers urge boards to take ownership of cyber risk and have a renewed focus on ensuring strong fundamental protections are in place.
Ministers say boards should review cyber risk at the top level, use the Cyber Governance Code of Practice, adopt Cyber Essentials where appropriate, and sign up to the NCSC’s free Early Warning service. Read the open letter to businesses.
4. Firms invited to take Cyber Resilience Pledge
The government has launched a new Cyber Resilience Pledge, inviting organisations to publicly commit to practical actions that strengthen their defences against cyber attacks. The Pledge is voluntary and focused on steps proven to reduce risk.
Organisations signing up commit to: 1) making cyber security a board‑level responsibility, 2) signing up to the NCSC’s free Early Warning service, and 3) requiring Cyber Essentials standards across their supply chain. These measures help organisations spot threats sooner, improve leadership oversight, and reduce vulnerabilities in suppliers.
The Pledge was announced at CyberUK and will be formally launched this summer, with signatories published on GOV.UK. Boards should review the Pledge, assess their readiness against the three commitments, and encourage their organisations to sign up. For more information, visit the Cyber Resilience Pledge on GOV.UK. To sign up, please email your signed Pledge declaration to cybersecurity@dsit.gov.uk.
5. £90m new funding for cyber resilience
The government has announced £90 million of new funding to strengthen cyber security across the UK, with a focus on supporting small and medium‑sized businesses and priority sectors, e.g. NHS suppliers. The funding will be delivered through existing government and NCSC programmes and will help organisations improve basic cyber hygiene, such as Cyber Essentials, and drive up the use of the government’s recommended cyber security standards and codes of practice.
This investment recognises that cyber threats are growing in scale and sophistication, and that many organisations still lack the resources to address them. For more information, read the Security Minister’s speech at CyberUK.
6. Cyber Bill returns to Parliament in the King’s Speech
The government has confirmed in the King’s Speech that the Cyber Security and Resilience Bill will return to Parliament for the second session in 2026. The Bill, which has already completed its House of Commons Committee stage, will now be considered for Report stage, ahead of entering the House of Lords.
For more information, including updated factsheets explaining the measures in the legislation, visit the Bill page on GOV.UK.
7. New breaches survey shows cyber threat remains widespread
The new Cyber Security Breaches Survey shows 43% of businesses suffered a cyber breach or attack in the past 12 months, underlining the persistent cyber threat facing the UK economy.
The 2025-26 version of the report – published on 30 April – shows the cyber threat remains widespread and significant, with 69% of large firms suffering cyber breaches or attacks and 29% of firms experiencing breaches or attacks at least once per week.
The survey also shows that nearly a third (31%) of businesses are rushing to adopt or explore AI, though 76% of them admit to not having cyber security practices in place to manage the risks.
Cyber Security Minister Liz Lloyd said: “These figures are a stark reminder of the importance of having robust cyber security measures. All business leaders should be gripping this issue and taking action now, especially as AI is making the threat more acute. Quite simply, firms cannot afford not to take these steps.”
“Businesses are not powerless. Practical steps such as using the NCSC’s free guidance, signing up to their Early Warning service and adopting Cyber Essentials can significantly strengthen defences and help keep businesses, customers and the wider economy safe.”
For more information, see the Cyber Security Breaches Survey 2025-26.
8. Hacktonics win 2026 ‘Cyber Den’
The Cyber Den is a live pitching competition held every year at CyberUK where companies exhibiting in the SME Innovation Zone present to a panel of senior industry and government judges. Winners receive 12 months of tailored support from the NCSC to develop and pilot their product.
Hacktonics won the 2026 competition. The firm specialises in practical cyber security training for industrial control systems, using their own hardware to replicate threats. They are a recent graduate from the government’s Cyber Runway Critical National Infrastructure programme.
9. The Product Security Act is two years old – and it’s working
Wednesday 29 April 2026 marked the second anniversary of the Product Security and Telecommunications Act, which has boosted the cyber security of a wide range of internet-connected ‘smart’ (or IoT) devices used by the public, such as smart TVs, cameras and children’s toys.
The Act means the millions of internet-connected devices sold each year and used by over 99% of UK adults are now better protected, with recent figures from the Office for Product Safety and Standards showing that 100% of devices they tested are now compliant with the new requirements for strong passwords.
10. Information from the CyberUK event
- Press notice on the Cyber Resilience Pledge and action on AI
- Speech by Richard Horne, CEO of the National Cyber Security Centre
- NCSC announcement on passkeys replacing passwords