Author: Rob Demain, CEO & Founder
A clear signal on national resilience
Yesterday’s King’s Speech set out the Government’s priorities against a backdrop of economic, energy, and national security pressures converging at once. World-class infrastructure, domestic capability, stronger defences, and national resilience sat at the centre of the programme. So did the Cyber Security and Resilience Bill.
That matters because cyber is no longer a narrow technical concern. It is where national resilience, economic growth, and strategic technology meet most sharply. The Cyber Security and Resilience Bill is designed to strengthen the UK’s cyber defences and protect the essential services people rely on every day, from energy and water to healthcare and digital infrastructure.
But legislation sets the framework. UK sovereign cyber defence depends on the capability behind it.
Cyber is where AI is being weaponised first
The Security Minister made the point clearly at CYBERUK: the cyber security of British business is a matter of national security. AI is lowering the barrier to entry for adversaries, automating attacks, and finding vulnerabilities in critical systems faster than human teams can patch them.
Attackers are not waiting for policy cycles, procurement cycles, or board reporting cycles. They are moving at machine speed. Their targets are the organisations that keep the country running: healthcare, transport, energy, water, logistics, and the supply chains behind them.
AI-enabled cyber defence matters. But so does a harder question. Where is that capability being built? Where does it run? Who operates it? Who owns the learning, the data, the engineering knowledge, and the jobs created around it?
AI does not simply run online. It runs on infrastructure, compute, data, engineering teams, security operations, and trusted relationships. The Government’s own AI Opportunities Action Plan recognises that domestic compute creates benefits in jobs, investment, and new AI-based service businesses. The UK should be an AI maker, not an AI taker.
That principle must apply to cyber.
Adoption without ownership is not enough
The risk is not that Britain fails to use AI. The risk is that Britain uses AI in a way that builds everyone else’s capability but its own.
If UK organisations rely too heavily on technology stacks built, hosted, and controlled elsewhere, the country imports the tools while exporting the skills, operational learning, and strategic value that should be developed here. UK sovereign cyber defence requires more than procurement. It requires investment in British-built, British-operated capability.
For the workforce, the question is not whether AI arrives. It will. The question is whether AI strengthens UK skills, productivity, and resilience, or whether it hollows out the very capability the country needs most.
The UK has strength to build on
Britain is not starting from scratch. The UK cyber security sector generated £14.7bn in annual revenue in the latest sectoral analysis, up 11%, with 2,603 active firms and nearly 70,000 people working across the sector. AI is already reshaping cyber security, and the UK’s combined strengths in cyber, AI, and research position it well to lead.
The number of UK-registered firms offering cyber security for AI systems rose to 111, an increase of 68% from the previous baseline. The capability exists. The question is how to make it easier to recognise, trust, and scale.
That is not a criticism of buyers, government teams, or procurement professionals. They operate in complex environments with difficult constraints. The real challenge is wider: how government, industry, standards bodies, investors, and customers work together to give British cyber companies confidence, clarity, and routes to market.
From policy to operational reality
UK sovereign cyber defence is not a future ambition. It already exists. Organisations like e2e-assure have spent over a decade building UK cyber capability shaped by real operational experience, trusted data, and UK engineering talent, protecting the sectors where cyber risk carries national consequence.
The King’s Speech put national resilience and homegrown capability at the centre of the agenda. Cyber is where that agenda becomes urgent.
If we are serious about economic security, cyber must be part of it. If we are serious about national security, cyber must be part of it. If we are serious about AI, cyber must be part of it.
Britain does not just need to use the next generation of AI cyber defence. It needs to build it. And it needs to make sure AI strengthens UK resilience, UK skills, and UK innovation, not someone else’s capability at the expense of our own.