The past year has seen a surge in cyber attacks across the UK, affecting organisations of every size and sector. From retail giants and financial institutions to local authorities and charities, no industry is immune to the evolving tactics of cybercriminals. Ransomware, phishing, and supply chain breaches have disrupted operations, exposed sensitive data, and caused significant financial and reputational harm.
The UK government’s latest Cyber Security Skills in the Labour Market report confirms what many in the sector already know: skill shortages remain a persistent challenge, even as the workforce grows. Demand for cyber professionals continues to outstrip supply, with advanced roles in incident response, penetration testing, and privacy expertise particularly hard to fill. Almost half of businesses report gaps in basic cyber abilities (firewall configuration, malware detection, and setting secure defaults), against backdrop of increasing cyberattacks in all sectors.
The changing technology landscape: AI and new risks
The report highlights how artificial intelligence is rapidly reshaping the threat landscape. More than half of cyber firms now use AI in their daily operations, and two-thirds expect demand for AI-related cyber skills to rise sharply in the coming year. This shift is not just about new tools; it is fundamentally changing the skills organisations need and the risks they face.
The report notes that while AI is enhancing cyber defence (improving threat detection, automating routine tasks, and enabling predictive analytics), it also introduces complex new vulnerabilities.
Organisations are grappling with the risks of “shadow AI”, where tools are deployed without formal approval, potentially leading to data leakage or the inadvertent use of personal data in public AI models. The pressure to adopt AI-enabled solutions, often driven by vendors offering upgrades on a “take it or leave it” basis, can leave little room for risk assessment or negotiation.
Crucially, the report finds that many organisations have yet to fully embed privacy and data protection expertise into their AI governance frameworks. This can result in blind spots around compliance, data handling, and contractual safeguards, especially as outsourcing and third-party AI solutions become more common.
For further guidance on managing AI risks and building resilience, Mills & Reeve’s AI page offers practical insights and resources. Our data protection team is also experiences in advising client in relation to potential data breaches involving the use of AI.
Diversity: A strategic imperative
The report finds that only 17% of the cyber workforce is female, and ethnic minority representation in senior roles remains low. Studies show that diverse teams are better equipped to anticipate threats, challenge assumptions, and innovate. Yet, as the government’s report and sector analysis reveal, progress has been slow. Women and ethnic minorities remain underrepresented, especially in senior positions, and cultural barriers persist. Industry leaders agree: to close the skills gap, organisations must actively recruit from a wider talent pool, foster inclusive cultures, and support career progression for all.
Mills & Reeve’s Inspiring Women in Tech initiative aims to empower and celebrate women in technology, offering resources and community support for those looking to advance their careers. We offer online webinars that delve into the personal experiences of women in the industry and look at key topics of interest, and in-person networking opportunities to build meaningful connections with peers and industry leaders.
How we can help
At Mills & Reeve, our Defensive Lines campaign highlights the need for proactive preparation. Cyber risk is now a board-level issue, and resilience requires more than technology. It demands integrated governance, investment in human capital, and collaborative ecosystems.
Our cyber response team supports clients with layered defences, regulatory compliance, breach response, and reputation management.
Our content explained
Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.