Three in four UK businesses suffered a cyber incident in the past 12 months, the highest rate of any country in Europe, according to new research from ManageEngine, published as Infosecurity Europe opens in London this week.
The findings come from a survey of 1,500 IT and business decision-makers across the UK, Spain, Germany, Italy, and the Netherlands, spanning six industry verticals and organizations of varying sizes. The UK’s position as one of the most digitized and interconnected economies in Europe makes it a disproportionately large target.
This follows a string of high-profile attacks on major UK organizations over the past year. A ransomware attack on British car manufacturer Jaguar Land Rover cost the British economy an estimated $2.5 billion.
VimalRaj Sampathkumar, Technical Head for UKI at ManageEngine, said: “Cybersecurity in the UK is no longer primarily a prevention problem. Organizations are assuming attacks will happen. The next challenge is not necessarily adding more security layers. It’s about reducing operational complexity, addressing workforce pressure, and ensuring that AI adoption strengthens resilience rather than introducing new risk.”
The Impact of AI
43% of UK respondents identified AI-powered attacks as their single biggest risk over the next 12 months, ahead of ransomware, phishing, and data breaches. 41% cited AI threat preparedness as their top spending priority over the next one to two years.
Vivin K Sathyan, Senior Technology Evangelist for IT Security at ManageEngine, said: “It is the same traditional attacks, but the difference is the scale and speed at which attackers can infiltrate a company’s network. Traditionally, if an attacker could infiltrate 10 machines at a time, now with AI, the same person can infiltrate 1,000.”
Just under half of UK respondents cited a skills gap as their primary operational challenge, nine points above the European average and the highest of any country surveyed. 29% cited team fatigue and burnout, also the highest in Europe. One in four said workload pressures had critically limited their ability to prevent or respond to incidents.
UK organizations reported the highest adoption of formal resilience frameworks of any country surveyed. But only 37% adopted long-term improvements after being attacked. 13% made no strategic changes at all.
Board engagement follows the same pattern: the UK scored highest for executive involvement, but only a third described it as continuous. 20% said board engagement was limited or non-existent.
The research paints a picture of a market that is highly targeted and comparatively mature on paper, but where overstretched teams and tactical post-incident responses are not keeping pace with the threat environment.
For CISOs globally, the dynamics are the same: AI threats are the top concern, skills gaps are accelerating, and governance on paper does not always translate into resilience in practice.