CFOtech UK - Technology news for CFOs & financial decision-makers
United Kingdom

Guides

#
artificial intelligence
#
data analytics
#
digital transformation
#
fintech
#
health technologies

Search

Dom
#
Ransomware
#
Advanced Persistent Threat Protection
#
Cartech

Cybersecurity leaders criticise UK budget for neglecting resilience

Thu, 27th Nov 2025
Author image
By Melania Watson, Interview Editor

The UK government's latest budget is facing criticism from cybersecurity leaders who say it lacks adequate support for the digital resilience critical to economic growth.

Concerns have been raised about the absence of dedicated cybersecurity funding and the pressure placed on companies to self-fund risk management measures in an environment of escalating threats.

Resilience as infrastructure

Industry voices argue that the budget fails to recognise the pivotal role of cybersecurity in protecting the wider UK economy. Recent cyber attacks on Jaguar Land Rover (JLR) and Marks & Spencer (M&S) have highlighted how incidents can disrupt supply chains and hamper national productivity.

"If the UK wants growth, it must fund resilience. Cyber attacks are now economic events - JLR and M&S proved that. Supporting businesses to detect and contain threats faster will pay for itself in national productivity," said Dominic Carroll, Director Portfolio, e2e-assure.

Carroll called for the government to integrate cyber resilience into national economic planning. He suggested targeted incentives for round-the-clock threat detection and response could protect critical growth sectors from major disruption.

"Cyber security isn't a technical cost, but a prosperity issue. Recent attacks show that when a major UK business goes down, whole supply chains feel it. This Budget should help firms harden their defences so the wider economy stays open for business," said Carroll.

Investor burden

The increased tax burden imposed on companies, combined with a lack of dedicated cybersecurity investment, has sparked warnings from sector executives. They caution that the dual pressures risk both deterring internal investment and leaving firms vulnerable to escalating threats.

"The tax hike in today's budget, overall, extracts more from businesses while providing little room for companies to invest in their own resilience. The government is asking firms to shoulder a greater tax burden while also self-funding protection against threats that can destroy their business. Increased tax costs don't just reduce investment capacity, they eliminate the financial cushion businesses need when ransomware and other cyber threats strike. This risk and cost are important to take into account, not least due to the government's own intention to drive investment and adoption of AI, which is already fuelling cybersecurity risks," said Edward Lewis, Chief Executive Officer, CyXcel.

Lewis pointed to the example of JLR, which faced a GBP £196 million direct cost from a ransomware incident and required GBP £3.5 billion in emergency liquidity facilities to survive. He said the government's focus on reducing national debt without equivalent cybersecurity support could leave the economy exposed to significant risk.

"The Budget should have given recognition that security infrastructure deserves at least parity with other strategic investments, not treatment as ordinary business expenditure," said Lewis.

Critical sector risk

The absence of dedicated national funding for cyber resilience may place critical infrastructure providers at greater risk, according to industry commentators. Smaller organisations, lacking the emergency reserves of large corporations, may find themselves particularly exposed in the event of large-scale incidents.

Chris Newton-Smith, Chief Executive Officer at IO, noted the importance of robust funding for cyber defence in the face of growing threats. He said that relying on individual organisations to self-fund cyber measures could undermine the security of essential services.

"The lack of acknowledgement, and dedicated cybersecurity funding, in today's Budget is likely to place more pressure on organisations to self-fund risk management and compliance initiatives during economically challenging conditions. This will have a severe impact on the security of our critical national infrastructure providers and resilience against rising threats, something that is essential given the recent high profile attacks we have seen lately," said Newton-Smith, CEO, IO.

AI and skills investment

The budget's focus on funding for artificial intelligence (AI) and technology innovation has been welcomed, but experts stress the importance of embedding cyber governance as part of these initiatives. The support for skills development and innovation grants is seen as positive for addressing long-term talent shortages in technology and information security.

Newton-Smith said the new government schemes for tech companies and apprenticeships could help the UK meet growing regulatory and resilience standards, including under emerging legislation. However, he warned that AI safety, governance, and risk management must remain priorities as the sector expands.

With the investment in intelligence agencies cited as appropriate, business leaders continue to urge policymakers to view cybersecurity not as a routine operational issue, but as a core national economic concern aligned with productivity and growth.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Tighter visa rules deepen SAP S/4HANA skills shortage
Harvey to open Paris office & hire EMEA sales chief
CapitaLand Ascendas REIT buys DHL Ohio hub for SGD $94.5m
BioCatch warns AI agents will supercharge online fraud
Gartner sees AI spend hitting USD $2.52trn by 2026

Top stories

YouLend & Teya launch SME cash advances in UK, Europe
Dun & Bradstreet outlines seven key compliance trends
YAP Global names Otto Jacobsson CEO amid crypto shift
Insight & Stripe expand AI-driven enterprise commerce
IMS to power Drive Smart app for Motability Scheme