UK firms boost cyber security spend amid talent gap

UK organisations are increasing cyber security spending amid rising concern over cyber threats, according to Experis. Its latest CIO survey found UK technology leaders were more worried about cyber security than peers in any other market covered.

More than half of UK chief information officers, chief technology officers and chief information security officers surveyed, or 56%, ranked cyber security as their top concern. Among UK IT leaders at director and partner level, 37% said the same, suggesting the concern extends beyond the most senior technology roles.

The findings point to a gap between investment plans and hiring conditions. While 84% of UK organisations said they planned to commit more budget to cyber security, the survey identified it as the most in-demand skill area. Some 71% of UK employers said they would need significantly more cyber talent over the next 12 to 24 months.

That combination is putting employers under pressure as they try to strengthen defences while competing for a limited pool of specialists. Businesses are facing longer hiring cycles, fewer qualified applicants and weaker global talent inflows in specialist areas including cyber security, artificial intelligence and advanced engineering.

Talent pressure

The strain is not limited to London. Experis said regional technology hubs are seeing sharper declines in available talent outside the capital, further constraining the hiring market for employers trying to build security teams.

Rhona Carmichael, managing director of Experis UK, said recent attacks had changed how businesses viewed the issue.

“Cyber risk is no longer hypothetical – it has become a very real threat for UK businesses. Recent high-profile incidents have shown just how quickly an attack can move beyond IT systems into the heart of operations – affecting services, supply chains and customers almost instantly, often with prolonged recovery periods. That has changed the conversation. It’s no longer about ‘if’, meaning cyber security has shifted from a technical priority to a core business need,” Carmichael said.

For many employers, cyber security now sits at the centre of technology planning and recruitment strategy. Budget allocations may be rising, but organisations still need people with the right expertise to put those plans into effect.

Cyber security was the single largest area of planned IT spending among UK organisations in the research. Even so, the hiring market appears to be tightening as demand rises, particularly for specialist roles that are difficult to fill quickly.

Hiring gap

The mismatch between budget and staffing needs is emerging as a central issue for employers. Companies can approve spending, but they may still struggle to recruit or retain the specialists needed to manage threats, test systems and respond to incidents.

Carmichael said funding alone would not solve the problem.

“Investment alone is not enough. Without the right talent in place, even well-funded strategies can fall short. The real differentiator over the next few years will be whether organisations can build the skilled teams needed to turn that investment into genuine resilience,” she said.

The figures also suggest cyber risk has become a board-level issue rather than a narrow technology concern. With chief information officers, chief technology officers and chief information security officers all placing it above other priorities, organisations appear to be treating security as a broader operational and commercial risk.

For recruiters and employers, the challenge is no longer just how much to spend, but how to secure scarce talent in a market where demand is rising faster than supply. The survey found 71% of UK employers expect significantly more cyber security talent will be needed over the next 12 to 24 months.