Exclusive: Cybersecurity investment fuels £27bn boost for UK firms
UK businesses are generating an estimated £27bn in additional revenue annually from investing in cyber security, according to exclusive findings shared with City AM by cyber security provider ESET.
The research comes as a wave of cyber attacks continues to hit major organisations across the country, unveiling the commercial and operational stakes of digital security.
The data revealed that 53 per cent of UK firms report a direct increase in turnover linked to cyber investment. And of those, 70 per cent cited winning new business due to strong cyber credentials as a primary driver of that revenue growth.
The study also found that improved efficiency, performance gains, and reduced IT downtime were key secondary benefits.
Nearly half of respondents, or 44 per cent, said robust cyber security infrastructure had enabled their firm to take on more risk, like entering new markets or adopting emerging technologies.
Retail and public sector firms hit hardest
The figures land as businesses come under renewed pressure to defend against an intensifying cyber threat landscape.
Marks and Spencer recently disclosed a cyber incident that it said would cost the retailer £300m in lost profit this year, which is approximately a third of its expected earnings.
The breach forced the homegrown company to suspend online orders and is expected to cause disruptions into the month of July.
The M&S breach is one of several high profile attacks in recent months. Others have included the Co-op, Harrods, and Adidas.
Cyber security firm EclecticIQ reported that NHS patient data was among the targets in a broader healthcare-focused campaign.
ESET data suggested that 53 per cent of UK firms have already suffered at least one cyber attack – with longer-term growth impacts in many cases.
In a separate report, the firm estimated that cyber crime has cost UK firms £63bn in the last three years.
Cyber seen as a commercial asset
The new figures have suggested that business attitudes toward cyber security are evolving. While risk mitigation remains a priority, many now view digital resilience as a route to growth.
“The commercial upside of robust cyber security is increasingly difficult to ignore”, said Jake Moore, global cyber security adviser at ESET.
“As cyber threats grow more sophisticated, businesses are recognising that investment in cyber isn’t just about protection – it’s also about opportunity”.
Budget data has reflected this shift, with 77 per cent of UK firms saying they plan to increase their cyber security budgets in the year ahead, having planned an uplift of 12 per cent.
Yet, there are signs that execution remains a challenge. Only 12 per cent of businesses fully outsource their cyber security operations, despite increasing complexity and limited in-house expertise.
Seperate data from Delinea’s 2025 Ransomware report, also shared exclusively with City AM, has shown that 69 per cent of firms have experienced a ransomware breach – and more than a quarter have been attacked more than once.
Of those cases, 60 per cent involved data extortion, with attackers threatening to publish stolen information unless ransoms are paid.
Moore warned that investment alone may not be enough to keep pace. “Security budgets are growing but that money must be deployed strategically”, he said.