UK Government Pledges £90m and Calls on AI Firms to Help Build National Cyber Defence
The UK government has pledged £90 million to bolster the nation's cyber resilience and issued an unprecedented call to leading artificial intelligence companies to partner with Whitehall on building AI-powered national cyber defence capabilities, Security Minister Dan Jarvis announced at the CyberUK 2026 conference in Manchester.
Background
The announcement marks a significant escalation in the government's approach to national cybersecurity, reflecting growing alarm at the pace and sophistication of attacks targeting UK infrastructure. The National Cyber Security Centre (NCSC) handled more than 200 nationally significant cyber incidents in the past year — more than double the number recorded the previous year — with hostile states and criminal actors increasingly deploying automated systems to identify and exploit vulnerabilities at scale.
The NCSC's most recent annual review identified China, Russia, Iran, and North Korea as the primary nation-state threats to UK digital infrastructure. These actors are using AI-driven tools to probe for weaknesses in government systems, financial institutions, and critical services at a speed that human security teams struggle to match. Advanced AI models have already demonstrated the ability to autonomously discover thousands of zero-day vulnerabilities across major operating systems, uncovering critical flaws that had gone unnoticed for decades.
The urgency of the government's response is further underscored by the 2025/2026 Cyber Security Breaches Survey, which found that 43 per cent of UK businesses experienced a cyber breach or attack in the last 12 months, with phishing remaining the most common attack vector. The survey highlights a persistent gap between the scale of the threat and the preparedness of organisations across the public and private sectors.
Key Developments
At the centre of the new strategy is the Cyber Resilience Pledge, a voluntary scheme inviting UK organisations to commit to three core security practices: making cybersecurity a board-level responsibility through the government's Cyber Governance Code of Practice; registering with the NCSC's free Early Warning service, which provides timely alerts about potential threats; and requiring Cyber Essentials certification from suppliers across their supply chains.
The £90 million investment will provide targeted support for small and medium-sized businesses to implement the Cyber Essentials standard — a government-backed certification scheme that sets a baseline for protection against the most common cyber threats. Supply chains have long been identified as the weakest link in UK cyber defences, and the new pledge is designed to close that gap systematically.
Speaking at the conference, Mr Jarvis described the convergence of artificial intelligence and cybersecurity as a "profound technological crossroads" requiring a spirit of "fearless innovation." He warned that the government could not close the cybersecurity gap alone and needed the speed, commercial agility, and engineering talent of the private sector. "This is a generational endeavour," the minister said. "We are calling on frontier AI companies to partner directly with us to co-develop AI for national cyber defence." The AI Security Institute is already working with frontier AI companies, and major firms including OpenAI and Anthropic have expanded their presence in the UK in recent months.
Why It Matters
The scale of the government's ambition reflects a fundamental shift in how Whitehall views cybersecurity — no longer as a technical afterthought but as a strategic national priority on a par with conventional defence. The decision to call on frontier AI companies to co-develop defensive capabilities signals that the government recognises it cannot build these tools in-house at the speed required.
A KPMG study released alongside the announcement revealed that cybersecurity has overtaken artificial intelligence as the top technology investment priority for UK businesses in 2026, with 57 per cent of companies planning to increase their cybersecurity budgets by more than 10 per cent over the next 12 months. That figure underscores a broader reckoning across British industry about the cost of complacency. Cybersecurity experts welcomed the announcement but cautioned that investment alone would not be sufficient. "The human element remains the fastest entry point for cyberattacks," said one senior NCSC official. "Basic cyber hygiene is no longer optional — it is the absolute minimum expected of any serious organisation."
Local Impact
For businesses and public bodies across the UK, the new Cyber Resilience Pledge represents a practical framework for action rather than a distant Whitehall directive. Organisations of all sizes are being asked to treat cybersecurity as a leadership issue, not merely an IT department concern. The requirement to extend Cyber Essentials certification through supply chains will have particular implications for smaller firms that supply larger public sector contracts — many of which have historically operated without formal cyber accreditation. The NCSC's Early Warning service, now being actively promoted as part of the pledge, is free to join and provides real-time threat intelligence that smaller organisations would otherwise struggle to access independently.
What's Next
The government has confirmed it will publish a full National Cyber Action Plan in summer 2026, setting out a comprehensive strategy for protecting critical national infrastructure and the wider economy. The plan is expected to formalise the partnership model with frontier AI companies and establish clear accountability frameworks for both public and private sector organisations. With the NCSC's incident figures continuing to climb and hostile state activity showing no sign of abating, the pressure on government and industry alike to move quickly has never been greater.
Further details on the Cyber Resilience Pledge are available via the GOV.UK Cyber Resilience Pledge page. The government's full call to action for AI companies is published at GOV.UK.
