Code Red to Code Ready: the cybersecurity sector in focus

Given the recent cyberattacks so far in 2025, including those on top retailers Marks & Spencer’s, the Co-Op, and Harrods, the importance of cybersecurity is more obvious now than ever. The price of cyberattacks is high; it is estimated that the attack on Marks & Spencer’s will cost them £300m in remedial expenditure and lost revenue, equivalent to a third of their profits for this year. They have only recently re-opened online orders, 6 weeks after they had to close them, but disruptions are expected to continue until July.

According to the 2024 Data Health Check by Databarracks, in the past 12 months, over 50% of organisations were impacted by cyberthreats, with larger companies much more likely to come under attack.

The best-case scenario is to prevent cyberattacks before they can cause any damage to your organisation. This is where cybersecurity comes in, which involves protecting digital devices from hackers and online attacks, like phishing and malware. The Government’s 2025 Cyber Security Sectoral Analysis report provides insight into the UK’s cybersecurity space:

  • There are an estimated 2,165 cybersecurity companies in the UK as of December 2024.
  • This sector employs an estimated 67,299 Full Time Equivalents (FTEs).
  • The vast majority, at 80%, are offering information risk assessment and management services, and/or cyber professional services.
  • The revenue generated by this sector in the most recent financial year is estimated to be around £13.2bn, with 70% of this revenue being generated by the larger firms, who are defined as having over 250 employees.

Fundraising activity for UK cybersecurity companies

Fundraising activity of cybersecurity companies in the UK

Data source: Beauhurst

Looking at a sample of UK cybersecurity companies, their fundraising activity follows an interesting trend. The total amount raised through fundraising halved in 2020 from 2019, perhaps due to the uncertainty surrounding the economy and businesses caused by the COVID-19 pandemic. However, as we have seen with previous research, 2021 was a good fundraising year, seeing a quick rebound here of 245%. This level of fundraising was sustained through 2022, and 2023 saw an increase of 21%, but 2024 saw a drastic decrease of 61% to pre-pandemic levels.

When we look at the number of fundraisings, we see that it remained relatively stable despite the dips in the amount raised in 2020 and 2024. For these years, we can assume that there were more fundraisings for smaller amounts. This is the opposite of what we have seen for other sectors, where a trend of ‘quality over quantity’ is starting to appear.

Characteristics of cybersecurity companies

Current stage of evolution for UK cybersecurity companies

Data source: Beauhurst

Half of the cybersecurity companies are classed as early start-ups. This is unsurprising given that, according to the Government’s own sector report, the vast majority of businesses in this sector are classed as Small and Medium Enterprises (SMEs), with 18% being small and 56% being micro in size. This is to be expected as cybersecurity is still considered an emerging sector within the UK.

Data source: Beauhurst

The industry or buzzword breakdown is largely as expected, as these all fit within the definition of cybersecurity. One sub-sector we want to highlight here is ‘tutoring, training, coaching and skills development’. For cybersecurity practices to be successful, all individuals within the business need to do their part. It is important to keep in mind that any electronic system is only as strong as its weakest user. Regular training is needed to ensure that everyone within the organisation remains up to date on the best practices in protecting themselves and, in turn, the company from cyberattacks. If an organisation does not feel confident that it can effectively deliver this training internally, or does not have the necessary resources, it can seek external help from companies that specialise in delivering training like this.

AI in cybersecurity

Artificial Intelligence (AI) is an emerging area for cybersecurity and is becoming increasingly important as cyberthreats become more sophisticated and surpass traditional security measures. AI can assist and enhance many areas of cybersecurity including threat identification, behavioural analytics, security automation, and risk analysis. Despite its many advantages, it’s important to keep in mind the challenges that come with implementing AI. Considerations include:

  • If the AI models are trained using biased or incomplete training data, they have a higher chance of missing certain threats or of flagging innocent activity.
  • Due to their complexity, some AI models lack transparency around how they arrive at their decisions. Because of this, it can be difficult to trust the security alerts they generate, which hinders effective response measures.
  • There is a chance that cybercriminals can exploit vulnerabilities in order to launch targeted attacks.
  • There are concerns surrounding privacy and data breaches, as AI models often require large amounts of data.
  • These solutions require specialised skills for implementation and maintenance; however, there is currently a shortage of cybersecurity professionals with the required skills.

Incorporating AI into a firm’s cybersecurity defence procedure can be a lucrative endeavour that can help both IT professionals and system users to identify potential threats to their organisation. However, much like with all uses of AI, caution should be taken if one intends to rely on its capabilities entirely, as AI still holds various possibilities for error in its assessments.

Even with AI safeguards in place, the people using these systems must always remain sceptical and alert to possible dangers.

Future of cybersecurity

Cybersecurity is not a sector that has room to fall behind. With cyberattacks becoming more prominent in the news and more sophisticated, cybersecurity companies must stay a step ahead.

While this is a space that will face constant changes and advancements, there are various developments to both cyberthreats and cybersecurity that we are likely to see in the coming years:

  • An increase in the number of cyberattacks, particularly those from nation-state actors. It is predicted that these attacks will be less focused on the theft of sensitive information, and instead have the goal of destabilising economies, disrupting services, or inciting widespread panic.
  • Supply chains will continue to face major disruptions due to cyberattacks. This will influence businesses to consider not only their internal assets when it comes to cybersecurity strategy, but to also ensure that their partners, suppliers, contractors, and service providers are included.
  • With the UK planning new cyber laws, businesses will soon be faced with stricter requirements. This is likely to lead to an increase in demand for compliance-as-a-service solutions, as businesses navigate these new requirements.
  • There will be a big movement towards single-platform solutions due to the increasing complexities of cyberthreats and the regulatory landscape. As it stands, there is a heavy reliance on point solutions, like firewalls, anti-virus software, and intrusion detection systems, that are designed to only address specific security concerns, whereas single-platform solutions deal with an influx of different types of information with ease. This will become essential as cyberthreats become more complex and challenging to deal with.

With the above evolutions to the cyberworld, it is of paramount importance that businesses pay attention to developments and threats, and that they respond accordingly regardless of their size.

Cybersecurity must-dos

With an ever-changing landscape, it can be challenging to know the best practices for cybersecurity. While the best strategy will vary by business, due to factors such as their business model and business offering, below are some general practices that all businesses should follow:

  • Person-centric strategy: This ensures that employees are equipped with the necessary training and knowledge to recognise potential threats, like phishing emails. All employees should regularly receive updated training, not only during the onboarding stage, to guarantee that they are upholding the best practices.
  • Security policies: It is important that businesses regularly update their security policies, especially in response to emerging threats and to the adoption of new technology or tools within the business. With each update, employees then need to be made aware of, and receive training on, said policies.
  • Security updates and data backups: Programs and software should be kept up to date, as new updates will often provide bug fixes and improved security. In addition, data accumulated by the business should be backed up to a secure location, preferably outside the network that it is backing up. This is so that in the event of a total shutdown, the backups are safe.
  • Passwords: The length of the password, at least 14 characters, is now considered more important than its complexity. This is because most password cracking software compensates for numbers used in place of letters, rendering this line of defence effectively useless. Additionally, the more complex a password, the bigger the chance that it will get written down. A password comprised of letters, numbers and symbols is easily identifiable in a key logger log file, while a phrase from a poem or song is less so. With the addition of multi-factor authentication, detailed below, passwords do not need to be changed as frequently. In fact, Microsoft recommends not expiring the password if the previous criteria are met.
  • Multi-factor authentication: This should be used for an added level of security. It requires the verification of your identity on two select devices. If multi-factor authentication is unavailable, a different service provider who does support it should be used instead.
  • Cybersecurity audits: It is good practice to conduct regular cybersecurity audits. This is where criteria are established for businesses and employees to use as a checklist to make sure that they are consistently defending against risks. They also help keep businesses up to date with compliance and legal requirements. The frequency of these audits depends on the size of the business. Generally smaller businesses can be comfortable with annual testing, whereas medium and larger businesses may wish for monthly testing to gain continual comfort as they continue trading. Audits should also be run after any firewall or infrastructure change and when a major vulnerability has been discovered. Asset management software that manages updates and patches should be used alongside endpoint security with anti-virus capability.
  • Monitoring third-party activity: Allowing third-party users to access your systems and applications can lead to cybersecurity breaches. Third-party access should be strictly controlled. Trusted parties are those who have shown that they take cybersecurity seriously, such as by providing evidence of recent audits or policies. If access is given, it should only be to specific data, preferably in a contained environment separate from your production environment. In addition, OTPs (one-time passwords) and time-restricted access should be implemented for an extra layer of security.

Further insight into the cyberworld

Price Bailey has performed various reviews of likely threats to our clients, as well as an analysis of other high-profile cyber instances, which are available below:

We always recommend that you seek advice from a suitably qualified adviser before taking any action. The information in this article only serves as a guide and no responsibility for loss occasioned by any person acting or refraining from action as a result of this material can be accepted by the authors or the firm.
