HBHR has launched HRGenie Auto, an artificial intelligence tool for HR and payroll users that can navigate the platform on a user’s behalf in real time.

The launch coincides with survey data from HBHR on payroll errors and employee expectations of workplace technology. Its poll of 2,000 UK employees found that 85% expect employers to use modern payroll technology to reduce mistakes, while 61% would look for a new job if payroll errors continued for six months.

HRGenie Auto builds on HBHR’s existing HRGenie system. Rather than only answering questions, it carries out actions inside the software while the user watches the process on screen.

The product is intended to reduce the training and support needed when employees, managers and HR teams use HR and payroll systems. HBHR said software changes, process updates and staff turnover often create a constant need for guidance, adding to the workload of HR and payroll departments.

Callum Pennington, Chief Executive Officer and Co-Founder of HBHR, said: “The HRGenie has always been able to answer questions, complete tasks and tell you where things are. But HRGenie Auto takes that a significant step further. Now, when you ask the platform something, it doesn’t just give you an answer. It takes over. That might sound like a small change. It isn’t. The biggest hidden cost in HR technology has never been the software itself, it’s the time spent learning it. With HRGenie Auto, the platform becomes the teacher. It shows people what to do, in the moment they need it, without anyone having to step in. This is what modern HR software should look like. Less like a system you have to learn and more like a colleague who just gets things done.”

Payroll Pressure

The survey highlights the commercial and operational risks employers face when payroll goes wrong. HBHR found that 24% of employees said pay mistakes had made it harder to afford rent, food or energy bills, while 20% said they had missed a bill entirely because of a payroll error.

In London, the figures were higher: 34% of employees said they had been unable to cover a bill because of a payroll mistake, and 31% had to borrow money to make up the shortfall.

The polling also pointed to a retention issue. According to HBHR, 76% of Gen Z workers and 72% of millennials said they would be likely to seek a new role if payroll errors persisted for six months. Across all workers surveyed, 23% said they had spotted a mistake in their payslip in the past year.

Confidence in payroll accuracy also varied by age group. HBHR found that 29% of Gen Z and millennial employees felt confident about payroll accuracy, compared with 43% of baby boomers.

Compliance Shift

HBHR linked the launch to broader change in the payroll market as HMRC payroll and tax reforms take effect. Only 36% of employees surveyed believed their employer had told them what was changing, while 30% said they had received no communication at all.

That leaves employers facing two pressures at once: adapting to regulatory change and maintaining trust in pay accuracy. HBHR argued that the burden often falls on internal teams already managing compliance, staff queries and routine administration.

It also found that 72% of employees believe technology underpins their confidence that pay will be accurate and on time. For software suppliers, that creates an opening to position systems not simply as administrative tools but as part of the employee experience.

HBHR, formerly known as HealthBox HR, provides HR, time and attendance, and payroll software in one system. HRGenie Auto is available to customers now.

Pennington said: “Payroll has always been treated as a back-office function, but these numbers make it brutally clear that it now sits on the front line of the cost-of-living crisis. When employees are missing bills because their payslip is wrong, that is not a minor admin issue. It is a systemic failure. HMRC’s changes are a golden opportunity for businesses to assess and evolve their payroll, but if they try to navigate this shift with spreadsheets or outdated systems, they risk pushing more employees into debt and driving out their best talent.”

REGnosys has welcomed additional government funding for the Centre for Finance, Innovation and Technology, as ministers outlined broader measures for the UK fintech sector.

Chief executive and founder Leo Labeis described the extra £1 million for CFIT as a positive step, but argued that support for growth must go beyond funding announcements and policy signals. He focused on the practical systems and standards firms need to expand and remain in the UK market.

His intervention places REGnosys within a wider debate over how Britain can retain fintech companies as they mature. Ministers have sought to improve the environment for listings and investment, but parts of the sector want greater attention on the structures that govern data, reporting and compliance.

Labeis linked that issue to the government’s recent emphasis on capital markets and initial public offerings. Better listing conditions matter, he said, but they are only one factor for companies deciding where to build and grow.

“Additional support for CFIT is welcome, and it is encouraging to see the conversation at UK FinTech Week focus not just on innovation, but on the conditions firms need to scale in the UK. The future of UK fintech will rely as much on coordination and delivery as it does on new ideas.

The renewed focus from government on capital markets competitiveness and IPO attractiveness is also important. Measures that improve the listing environment send a positive signal to founders and investors, but the real test is whether that ambition is matched by investment in the infrastructure that makes growth operationally viable.

Common data models, machine-readable rules and interoperable reporting frameworks are no longer technical afterthoughts. They are strategic enablers of a modern financial system, helping firms scale more efficiently, reduce compliance friction and strengthen resilience.

London already has deep pools of capital, world-class talent and a strong regulatory base. To build on that, the UK has to show it will back high-growth sectors such as RegTech with the modern infrastructure needed to innovate, scale and ultimately list here,” Labeis said.

Infrastructure Focus

The comments highlight a recurring concern among financial technology companies: growth is constrained not only by access to capital, but also by fragmented operational requirements. Firms expanding across regulated markets must navigate multiple reporting formats, differing data standards and rulebooks that remain difficult to translate into automated systems.

For RegTech companies, those frictions sit at the centre of their business models. The sector argues that clearer data structures and machine-readable regulation can reduce duplication for both financial institutions and supervisors, while making it easier for smaller firms to compete.

That view aligns with a broader push in UK financial services to modernise the plumbing behind regulation. Common data models can help institutions use the same definitions across internal systems and external reporting. Machine-readable rules aim to convert legal and supervisory requirements into formats software can process more directly. Interoperable reporting frameworks are intended to reduce the need for firms to submit similar information repeatedly in different ways.

Scale And Listings

The listing question remains politically sensitive because many UK technology firms have chosen to raise capital or float in other markets. Policymakers increasingly frame that trend as both a competitiveness issue and a test of whether Britain can turn early-stage innovation into larger domestic businesses.

Labeis’s remarks suggest the answer will depend partly on whether regulatory and reporting systems keep pace with policy ambitions. Even where capital is available, firms may still weigh the costs of compliance, integration and expansion when deciding where to locate teams, invest and seek a public listing.

London already offers established advantages in finance, skills and regulation, he noted. His argument is that maintaining that position now requires sustained backing for the systems that make those strengths usable for fast-growing companies.

The focus on RegTech is notable because the sector often sits between financial services policy and digital infrastructure policy. Supporters say it can improve efficiency and resilience across the wider market, rather than serving only a narrow group of software firms.

By framing common data models, machine-readable rules and reporting standards as strategic rather than technical issues, Labeis pushed the discussion beyond fintech promotion alone. His central point was that if the UK wants more firms to scale and list domestically, the operating environment must support that ambition.

2025 was the year that exposed the gap between cyber strategy and operational reality. For UK security leaders, the lesson learned was that resilience, sustainability, and judgement mattered more than volume. Now, the challenge is responding to threats with clarity until one inevitably succeeds.

By the end of 2025, it became clear that cyber resilience was no longer a theoretical ambition. Now, it’s an operational reality being tested under sustained pressure.

Last year exposed the limits of security models built for a different pace, a different scale, and a different kind of attacker. Familiar access techniques, such as phishing and credential compromise, continued to dominate, but the damage came later. Attacks moved quietly, used trusted access, and blended into normal behaviour for long enough to evade traditional detection.

For many organisations, this can be classed as a failure of assumptions, as opposed to a tooling failure.

Once attackers were inside, security strategies built for prevention struggled. SOC teams were overwhelmed by volume, and they found it harder to identify the signals that mattered. Operating models stretched by skills shortages and alert fatigue began to show signs of strain.

2025 forced a shift in mindset. Rather than asking ‘How do we stop everything?’, the question became something more honest and useful. Now, it was ‘How prepared are we when something inevitably gets through?’

That shift will define cyber resilience in 2026.

Resilience replaces perfection

Resilience has long been discussed as a strategic goal. In 2025, it was seen as a practical measure of effectiveness.

The organisations that coped the best were those that could detect, contain, and recover with confidence. Having the largest number of controls didn’t determine success. They understood that incidents were sequences of behaviour unfolding over time.

Early visibility, clear escalation paths, and disciplined response mattered more than flawless prevention.

In environments where attackers relied on legitimate credentials and lateral movement, rather than malware, that was evident. When malicious behaviour looks like normal activity, resilience depends on context and judgement, not volume-based alerting.

The lesson we should take is uncomfortable, but important. Security programmes designed around perfection break under pressure. Those designed around preparedness adapt and thrive.

SOC sustainability became a leadership issue

Another defining theme of 2025 was the growing strain on security operations centres.

Alert volumes continued to rise as environments expanded across identity, cloud, network, and SaaS platforms. Analyst burnout, skills shortages, and cost pressures all became structural challenges rather than short-term issues. Decisions around data ingestion, retention, and prioritisation were now directly affecting visibility and response capability.

What many organisations discovered was that SOC sustainability is a leadership concern. When analysts spend most of their time validating low-value signals, the risks become hidden. Once teams are stretched thin, the ability to respond decisively degrades long before dashboards reflect a serious problem.

SOC effectiveness will be judged less by activity and more by focus. The ability to prioritise the right signals, at the right time, with the right context will matter more than the number of alerts processed.

AI: Accelerating outcomes, exposing weak operating models

AI featured prominently in security discussions throughout 2025, often framed as a solution to scale and skills challenges. In practice, it acted more like a stress test.

Where operating models were disciplined, AI helped reduce noise, accelerate investigation, and preserve analyst time for judgement. Where processes were unclear or poorly governed, AI amplified inconsistency and introduced new risk.

AI isn’t an immature solution. Instead, AI just doesn’t compensate for weak foundations.

Over-automation, particularly in areas that require explainability and accountability, proved risky. The most effective applications of AI were those that supported prioritisation and context. They shouldn’t be used as an attempt to replace human decision-making altogether.

As a result, the conversation is more grounded. AI is being increasingly understood as an augmentation layer that must operate within clearly defined guardrails.

Architecture and visibility shaped outcomes

One of the quieter but most consequential lessons from 2025 was the role of architecture in resilience outcomes. Applications are distributed, users are mobile, and identity has become the primary control plane.

Security controls that sit outside the network struggle to deliver the visibility and speed required. Attacks don’t respect tool boundaries. They move wherever identity, network, or cloud visibility are weakest.

Organisations that aligned networking and security more closely were better positioned to detect anomalous behaviour early and respond with confidence. This was less about adopting a specific framework, and more about reducing fragmentation and blind spots.

Architecture decisions will now increasingly be recognised as security decisions. Visibility, policy enforcement, and response speed are now tightly coupled to how environments are designed and operated.

What this means going forward

If 2025 was the year resilience was tested, 2026 will be the year it’s measured.

Boards and executives will ask harder questions about preparedness, rather than just focusing on coverage. CISOs will be expected to demonstrate how attacks are prevented and how incidents are handled when prevention fails. Security leaders will need to articulate how their operating models scale sustainably under intense pressure.

The organisations that succeed will be those that stop treating resilience as a set of controls. They need to treat it as a capability that spans people, process, technology, and partnerships.

Cyber resilience is no longer about stopping every attack. It’s about responding with clarity when one succeeds.

Security hasn’t become an impossible task. It’s just become more honest. Noise is easy to generate, and signal is hard to find. Resilience is built long before an incident ever occurs.

Which organisations will be rewarded? It’ll be the ones that have learned the lesson and acted on it.

To see these insights in more detail, read the full breakdown in Gamma Communications’ Cyber Resilience Report: Cyber Resilience for UK Enterprises – Gamma