AI and cybersecurity investment rise to top of UK boardroom agendas, PwC research finds

UK business leaders are planning to increase investment in cybersecurity and artificial intelligence (AI) over the next 12 months, according to PwC’s 2026 Global Digital Trust Insights survey.  

This interviewed 3,887 business and tech executives from across 72 countries and territories, including 334 from the United Kingdom. Of the 334 UK participants, 50% best described their role as related to business, 45% to data and privacy tech, and 5% to tech security.

The data shows UK organisations see cyber investment and strategic adaptations as business critical priorities, with 85% expecting cyber budgets to increase over the next 12 months and 56% anticipating increased investment by more than 6%. Furthermore, 69% of UK businesses say their cyber risk investment strategy needs to change to meet the demands of the geopolitical landscape over the next 12 months. 

While raising cyber budgets is evidently a priority, ensuring resilience against an expanding range of digital threats remains a challenge. Only 51% of UK organisations believe they are “very capable” of addressing a major cyber attack targeting network architecture.

Additionally, half of UK organisations say they will prioritise building out AI threat hunting capabilities, yet less than half (40%) have implemented AI practices in parts of their organisations responsible for addressing data risk.  

To address a rising array of cyber risks, 57% of UK organisations will look to either “slightly” or “significantly” increase spending on proactive measures. These extend to people related functions, with organisations highlighting skills shortages as a significant barrier.

61% of respondents acknowledge upskilling, specifically improving AI and machine learning tools capabilities, as a priority, and 47% of UK firms are looking at upskilling and reskilling current employees to address skills gaps over the next 12 months.  

Significant investment in cyber security has seen technology and transformation move to the top of leadership agendas. 58% of UK organisations say CISOs are now working “to a large extent” with a CIO/ CTO to oversee tech and infrastructure deployments, while 56% note CISOs are regularly reporting and meeting with board level executives. These percentages for UK organisations exceed peers across the globe (48%) and in Western Europe (50%). 

Quantum computing

UK businesses are committed organisationally and fiscally to addressing quantum computing related risks. 94% are implementing, testing, or exploring the implementation of quantum-resistant security measures.

53% report the use of quantum computing security measures to map data and inventory, more than peers globally (42%) and in Western Europe (41%). However, 39% currently follow quantum security measures to assess asset-based quantum risk and to implement “trust by design” principles.  

For organisations looking to incorporate quantum security measures in the next two years, priorities include implementing cryptographic discovery (29%), conducting a feasibility analysis (27%), and implementing “trust by design principles” (25%).  

James Rashleigh, PwC UK & EMEA Cyber Leader, says:  "This year’s Global Digital Trust Insights report reinforces a critical truth: cybersecurity has long been a priority issue for UK boardrooms, and what we’re seeing now is a significant shift from concern to commitment.”

“Organisations are backing up their awareness with serious investment, embedding security into innovation, and doubling down on preparations around emerging risks related to AI and quantum computing. Those that act decisively will be best positioned to build trust and resilience in an unpredictable world.” 

M&S and TCS

Marks and Spencer has called time on a contract with Tata Consultancy Services to run its IT service desk.

This closely follows on from the Indian provider conducting an internal investigation over being the origin of a cyber attack that hit the UK retailer’s systems at a cost of hundreds of millions of pounds.

“TCS provides a number of technology and IT services for M&S and we value our partnership with the TCS team,” M&S said in a statement.  “Regarding the IT service desk contract specifically, as is usual process, we went to market to test for the most suitable product available, ran a thorough process and instructed a new provider this summer.”

“This process started in January and this change has no bearing on our wider TCS relationship,” it added. 

TCS claimed that the termination and the cyber attack were “clearly unrelated”. M&S had followed a regular competitive procurement process initiated in January, and chose another service provider “much prior to the cyber incident in April”, it said in a statement.

Rachel Higham

Last month, it emerged that M&S Chief Digital and Technology Officer Rachel Higham was leaving the retailer in the wake of the aforementioned cyber attack.

Conducted by a group called Scattered Spider, this brought its online operations to a halt and resulted in empty shelves in stores.

A former WPP and BT Group executive, Higham was appointed by M&S in 2014. In an internal memo, it said she was "stepping back from her role…Rachel has been a steady hand and calm head at an extraordinary time for the business, and we wish her well for the future.”

At the time of the appointment, Stuart Machine, M&S Chief Executive, said that Higham joining the business, along with Mark Lemming becoming International Managing Director, “reflected the importance of Digital & Technology and capital light International growth to the next phase of our transformation. As I set out at our recent Capital Markets Day, we have more to do in both of these areas and so much opportunity.”

He added: “Rachel and Mark are fantastic additions to our executive team and I am confident that, with their leadership, we will accelerate the pace of change in the business as we reshape M&S for growth.”

Higham, meanwhile, commented: “I’m absolutely delighted to be joining Stuart Machin and the executive team at M&S at such an exciting time on their journey to reshape M&S for growth.”

Sources said that she was taking a career break. Operations Director Sacha Berendji, who has been Chief Recovery Officer since the cyber attack, has taken over her responsibilities.