The 2026 DSIT Cyber Security Sectoral Analysis reveals more than continued growth in the UK cyber sector. Beneath the headline statistics sits a deeper structural transition: cyber is increasingly becoming a distributed economic infrastructure tied to industrial resilience, operational continuity and supply-chain assurance. This article examines the implications of regionalisation, slowing employment growth, rising productivity pressure and AI-driven dependency complexity, particularly for industrial regions such as the West Midlands.

Executive Summary

The Department for Science, Innovation and Technology’s Cyber Security Sectoral Analysis 2026 presents a broadly positive picture of continued growth across the UK cyber sector. The number of firms, total revenue and overall employment all increased, while AI-related cyber capability expanded rapidly. More than half of cyber offices are now located outside London and the South East, reinforcing the increasing regionalisation of cyber capability across the UK economy.

However, beneath those headline figures, the report also reveals a more important structural shift. Employment growth has slowed sharply while productivity per employee has risen significantly. Investment activity has declined materially since 2022. Together, these trends suggest that the sector may be entering a more operationally mature phase characterised by increasing pressure towards scalable delivery capability, automation, operational leverage and commercial efficiency.

This article argues that cyber is increasingly evolving beyond a niche technology domain or specialist security function. Instead, it is becoming embedded within wider industrial systems, operational supply chains and resilience infrastructure across the broader economy. As advanced manufacturing, logistics, operational technology, AI adoption and interconnected supply chains become more dependent on digital systems, cyber resilience increasingly becomes part of industrial continuity itself.

The implications are particularly significant for regions such as the West Midlands. The region’s dense industrial base, manufacturing supply chains and operational dependency environment position it differently from intelligence-led ecosystems such as Cheltenham or finance-led ecosystems centred around London. The West Midlands may possess a structurally distinctive opportunity centred on industrial cyber resilience, supply-chain assurance and operational technology security.

At the same time, the article argues that growth statistics alone should not be mistaken for ecosystem maturity. Regional cyber economies frequently appear healthier statistically than they are operationally. The critical challenge is not simply generating startups or community activity, but developing progression infrastructure capable of supporting firms through procurement access, commercial validation, investment maturity and scalable growth.

Ultimately, the article concludes that the UK cyber economy is undergoing a broader structural transition. Cyber resilience is increasingly becoming part of the economic infrastructure underpinning operational trust, industrial continuity and national resilience itself. The key strategic question is no longer whether cyber matters economically, but which regions are capable of organising around that reality quickly enough to capture the resulting long-term advantage.

Contents

1. Introduction: The Comfortable Reading of the DSIT Report

The Department for Science, Innovation and Technology’s 2026 Cyber Security Sectoral Analysis is, on the surface, another positive growth story for the UK cyber sector.

The full DSIT report can be found here, although the more interesting signals sit underneath the headline growth statistics: https://www.gov.uk/government/publications/cyber-security-sectoral-analysis-2026

The headline figures are all there.

The sector now comprises 2,603 firms, representing a 20% increase year on year. Revenue has risen to £14.7 billion. Employment has increased to almost 70,000 full-time equivalent roles. The number of firms offering cyber security services related to AI has risen dramatically. More than half of UK cyber offices are now located outside London and the South East.

Most commentary will stop there.

It will frame the report as evidence that cyber continues to grow, that investment remains active, and that the UK retains a strong position internationally. None of that is incorrect, but it misses the more important structural signal emerging underneath the statistics.

The shape of the UK cyber economy is changing.

Cyber is no longer developing primarily as a London-centric professional services market or as a specialist national security capability clustered around a relatively small number of government-adjacent ecosystems. It is increasingly becoming distributed economic infrastructure embedded within wider regional economies, industrial systems and operational supply chains.

That distinction matters because it changes the strategic question.

The question is no longer whether cyber matters economically. That argument has already been won.

The question is which regions are structurally positioned to organise around cyber resilience quickly enough to capture the resulting economic, operational and strategic value.

The 2026 DSIT Cyber Security Sectoral Analysis presents a broadly positive picture of continued growth across the UK cyber sector. The number of firms has increased to 2,603, sector revenue has risen to £14.7 billion, employment has expanded to nearly 70,000 full-time equivalent roles, and AI-related cyber capability has grown rapidly. On the surface, the report appears to reinforce a familiar narrative: that the UK cyber sector continues to grow steadily in economic significance, investment and national capability.

However, beneath those headline figures sits a more important structural story. The report suggests that the UK cyber economy is changing shape. Growth is no longer concentrated solely around London-centric professional services or government-adjacent security ecosystems. Cyber is increasingly becoming embedded within wider operational, industrial and regional economic systems. At the same time, slowing employment growth, increasing productivity per employee and declining investment activity may indicate that the sector is entering a more mature and operationally demanding phase of development.

2. What The DSIT Report Actually Says

Before exploring the wider structural implications, it is worth summarising the headline findings of the Department for Science, Innovation and Technology’s Cyber Security Sectoral Analysis 2026 directly.

The report presents a broadly positive picture of continued growth across the UK cyber sector.

According to DSIT, the UK cyber sector now comprises 2,603 firms, representing a 20% increase year on year. Sector revenue increased to approximately £14.7 billion, an 11% increase compared with 2024. Total employment rose to around 69,600 full-time equivalent roles across the UK economy, although this represented only 3% growth, the slowest rate recorded since the time series began in 2018.

At the same time, gross value added per employee rose sharply to approximately £131,200, representing a 13% increase. The report also identified continued regional expansion across the UK, with more than half of cyber offices now located outside London and the South East.

One of the fastest-growing areas identified within the report relates to artificial intelligence. The number of firms offering cyber security capabilities related to AI increased by 68% in a single year, rising from 66 firms to 111.

However, despite overall sector growth, investment activity appears to be slowing. The sector raised approximately £184 million across 47 deals during the reporting period, representing an 11% decline compared with 2024 and a 39% decline compared with 2022 levels.

Taken together, the report paints a picture of a sector that continues to expand economically, but which may also be entering a more operationally mature phase characterised by increasing productivity pressure, regional diversification, AI-driven capability growth and a more constrained investment environment.

Most importantly, the report reinforces that cyber is no longer a niche technology domain operating at the margins of the economy. It is increasingly becoming embedded within the wider operational, industrial and resilience structures upon which the UK economy itself depends.

2.1 Themes Emerging from the DSIT Analysis

DSIT summarises the report’s findings as follows:

The main findings from this year’s report are:

• The UK cyber sector now comprises 2,603 firms, a 20% increase.
• The sector generated £14.7 billion in revenue, an 11% increase year on year.
• Total cyber employment rose to ~69,600 FTEs, a 3% increase, the lowest growth rate since the time series began in 2018.
• GVA per employee rose to approximately £131,200, up 13% from last year.
• The sector raised £184 million across 47 deals, an 11% decline from 2024 and a 39% decline since 2022.
• Over 50% of cyber offices are now located outside London and the South East.
• The number of firms offering cyber security for AI increased by 68% in one year, from 66 to 111 firms.

At face value, these findings present a healthy and expanding sector. The UK cyber economy continues to grow in firm count, revenue and overall employment, while new capability areas such as AI-related cyber security are expanding rapidly.

However, when viewed structurally rather than simply statistically, several important themes begin emerging from the report.

First, the data strongly reinforces the argument that cyber capability is regionalising. The fact that more than half of cyber offices are now located outside London and the South East suggests that cyber is no longer operating as a geographically concentrated niche sector. Instead, capability is increasingly distributing itself alongside wider economic demand. This aligns closely with the argument developed throughout this series and within the recent West Midlands cyber ecosystem papers: cyber resilience is increasingly becoming embedded within operational economies, industrial systems and regional supply chains rather than remaining isolated within traditional enterprise IT or government security environments.

Second, the relationship between revenue growth, employment growth and productivity growth may indicate that the UK cyber sector is entering a more mature phase of development. Revenue increased by 11%, while employment increased by only 3%, the slowest rate since the dataset began. At the same time, GVA per employee rose sharply by 13%.

Taken together, this suggests increasing productivity pressure across the sector. Growth may increasingly depend less on headcount expansion and more on automation, operational leverage, platformisation, AI-assisted capability and scalable delivery models. This is particularly important for regions such as the West Midlands because it reinforces the distinction between simply creating cyber SMEs and creating progression infrastructure capable of supporting firms through commercial scaling.

Third, the decline in investment activity may be more significant than it initially appears. Although the sector continues to grow economically, investment has declined materially since 2022. This potentially reinforces concerns that parts of the UK cyber ecosystem remain structurally weak at the scale-up stage. In practice, many ecosystems successfully support startup formation and early-stage activity, but struggle to support firms through the difficult transition towards sustainable growth, procurement maturity and long-term operational scale.

Fourth, the rapid growth in AI-related cyber capability reinforces the broader argument that cyber resilience is increasingly converging with operational dependency. AI adoption increases system interconnectedness, governance complexity, automation dependency and supply-chain assurance requirements. In industrially interconnected regions such as the West Midlands, this convergence is likely to accelerate the importance of cyber resilience as part of industrial continuity itself.

In this sense, the DSIT report ultimately reinforces something more important than simple sector growth.

It reinforces the idea that cyber is evolving into a foundational layer of economic resilience infrastructure across the wider UK economy.

3. Growth Does Not Necessarily Mean Maturity

One of the limitations of sectoral analysis is that growth statistics can obscure structural weakness.

An increase in firm count does not necessarily indicate ecosystem maturity. Rising revenue does not automatically translate into resilience capability. Expanding employment figures do not guarantee that regions are developing scalable delivery capacity, investment pathways or long-term anchor firms.

This distinction matters because cyber ecosystems frequently appear healthier statistically than they are operationally.

A region may contain hundreds of small firms, active networking communities, accelerator programmes and educational initiatives while still lacking the mechanisms required to convert fragmented activity into sustainable economic capability. In practice, many cyber ecosystems are structurally strong at formation and structurally weak at progression.

The DSIT report itself indirectly reflects some of these tensions.

The slowdown in employment growth alongside rising productivity may suggest that the sector is entering a more operationally demanding phase in which firms face increasing pressure to scale efficiently rather than simply expand headcount. At the same time, declining investment activity may indicate that access to growth capital is becoming more constrained precisely at the point where ecosystems require stronger scale-up capability.

Equally, the regional distribution of firms should not automatically be interpreted as evidence of mature regional cyber economies. Geographic presence alone does not create a cluster. A genuine cyber economic cluster requires progression infrastructure, procurement access, operational credibility, investment mechanisms, workforce pipelines and the ability to produce firms capable of scaling beyond local consultancy markets.

This distinction is particularly important for the West Midlands.

The region already possesses many of the foundational components of a functioning cyber ecosystem: SMEs, universities, practitioner communities, resilience initiatives and coordination activity. The strategic challenge is no longer whether cyber activity exists within the region. The challenge is whether the ecosystem can develop the commercial, operational and governance structures required to support long-term scaling and resilience capability at national significance.

In that sense, the most important question raised by the DSIT report is not whether the UK cyber sector is growing.

It clearly is.

The more important question is whether the structures underpinning that growth are mature enough to sustain long-term operational resilience, scalable capability and regional economic progression over the next decade.

4. Regionalisation Is No Longer Theoretical

The 2026 DSIT report strongly suggests that regionalisation is now accelerating. The fact that over half of cyber offices are now located outside London and the South East is not simply an interesting geographic observation. It represents a significant shift in the underlying distribution of cyber capability and demand across the UK economy.

One of the most strategically significant findings in the DSIT report is that more than half of UK cyber offices are now located outside London and the South East. This suggests that the regionalisation of cyber capability is no longer aspirational policy rhetoric but an observable economic reality.

This matters because cyber demand itself is becoming increasingly distributed across the wider economy. Growth is no longer driven exclusively by traditional enterprise IT security, government and defence. Instead, cyber resilience is becoming increasingly tied to advanced manufacturing, logistics, operational technology, critical infrastructure, AI adoption and interconnected supply chains. As economies become more digitally and operationally integrated, cyber resilience increasingly becomes part of industrial continuity and economic resilience itself.

For regions such as the West Midlands, this creates a potentially significant strategic opportunity. The region’s dense industrial base, manufacturing supply chains and operational dependency environment position it differently from intelligence-led ecosystems such as Cheltenham. Rather than replicating national security-focused cyber clusters, the West Midlands may be better positioned to develop capability around industrial cyber resilience, supply-chain assurance and operational technology security.

This matters because cyber demand itself is changing.

Historically, large parts of the UK cyber economy evolved around central government, financial services, defence, and traditional enterprise IT security. Those sectors remain critically important, but they are no longer the sole drivers of cyber growth. Increasingly, cyber demand is emerging from operational dependency itself: advanced manufacturing, logistics, critical infrastructure, industrial digitisation, operational technology, interconnected supply chains, AI adoption and resilience regulation.

In other words, cyber is becoming increasingly tied to the functioning of the real economy.

That shift is particularly important for regions such as the West Midlands.

For some time, I have argued that the West Midlands possesses a structurally distinctive position within the UK cyber landscape. Not because it resembles Cheltenham, and not because it should attempt to compete directly with London’s financial and enterprise security ecosystem, but because it sits at the centre of one of the UK’s most operationally interconnected industrial economies.

The strategic opportunity is not to recreate another intelligence-adjacent ecosystem. Cheltenham’s strengths emerge from national security concentration and government proximity. The West Midlands possesses a different structural advantage: proximity to industrial dependency itself. That distinction matters because the future growth of cyber demand may increasingly emerge from operational resilience across the wider economy rather than solely from traditional security domains.

The West Midlands is fundamentally a region that makes, moves and coordinates things.

It contains dense manufacturing supply chains, major logistics operations, aerospace capability, defence-linked industry, transport infrastructure and increasingly digitised industrial systems. These are not simply sectors that happen to consume cyber services. They are environments where cyber resilience increasingly becomes inseparable from operational continuity itself.

5. Cyber Resilience Is Becoming Industrial Resilience

That distinction is critical.

Cyber disruption inside highly interconnected industrial systems is rarely confined to data loss. It propagates operationally. Production slows or stops. Logistics fail. Suppliers disconnect. Delivery schedules collapse. Manufacturing tolerances become safety concerns. Dependencies cascade across networks of firms operating on increasingly thin operational margins.

In that environment, cyber resilience becomes part of industrial resilience.

Consider a modern automotive supply chain operating across the West Midlands. Tier-one and tier-two suppliers increasingly depend on interconnected ERP systems, operational technology, logistics coordination platforms and digitally integrated manufacturing environments. A cyber incident affecting a relatively small supplier may no longer remain isolated to that organisation. Production schedules slip downstream. Just-in-time logistics assumptions fail. Component traceability becomes uncertain. Delivery penalties begin propagating through contractual chains. What initially appears to be a cyber incident rapidly becomes an industrial continuity event.

This is precisely where the DSIT report becomes more strategically interesting than many observers may realise.

One of the most revealing figures in the report is not the increase in revenue or the increase in firm count. It is the sharp slowdown in employment growth.

Revenue increased by 11%.

Employment increased by only 3%, the slowest rate since the time series began in 2018.

At the same time, gross value added per employee rose by 13%.

Those three figures together strongly imply that the UK cyber sector may be entering a transition phase.

The earlier phase of rapid expansion through headcount growth appears to be slowing. In its place, we are likely seeing increasing pressure towards productivity, automation, platform leverage, AI-assisted capability and operational scaling efficiency.

That changes the regional development challenge considerably.

6. The Progression Problem

It is relatively easy to create fragmented ecosystems full of micro-consultancies, early-stage firms and disconnected initiatives. The UK already has many examples of this. What is substantially harder is creating progression infrastructure capable of converting fragmented activity into scalable economic capability.

This is one of the central structural problems currently facing the West Midlands cyber ecosystem.

The region does not lack cyber activity. It already contains a growing population of cyber SMEs, active practitioner communities, universities, skills pipelines, a police-led Cyber Resilience Centre, regional partnerships and now the beginnings of coordination infrastructure through the West Midlands Cyber Hub.

What the ecosystem lacks is progression.

Firms are able to form and participate in the ecosystem, but frequently struggle to secure procurement access, achieve commercial validation, access growth capital or scale beyond consultancy-led delivery models. The result is a structurally imbalanced ecosystem dominated by micro-SMEs with relatively limited scale-up progression.

Procurement is particularly important because it effectively determines which firms are permitted to mature. In many cases, regional cyber ecosystems do not fail because capability is absent. They fail because procurement frameworks systematically favour incumbent suppliers, large consultancies and already-established delivery relationships. Without mechanisms that allow emerging firms to achieve operational validation at meaningful scale, ecosystems remain trapped in perpetual early-stage fragmentation.

The DSIT report suggests this challenge may now become more acute nationally.

The reduction in investment activity is particularly important here. The sector raised £184 million across 47 deals, representing an 11% decline from 2024 and a 39% decline since 2022.

That matters because ecosystem maturity is not measured simply by startup formation or networking activity. It is measured by whether firms can progress through the difficult middle stages between initial capability and sustainable scale.

This is where many regional ecosystems struggle.

They successfully generate awareness, community activity, educational engagement and early-stage entrepreneurship, but fail to develop the procurement pathways, investment mechanisms and operational integration necessary to support long-term scaling.

That creates a structural risk.

Without progression infrastructure, regions often become extraction environments rather than growth environments. Early-stage firms emerge locally, but scale elsewhere. Capability leaves the region. Procurement consolidates externally. Investment flows towards already dominant ecosystems. Local ecosystems remain permanently trapped in fragmented early-stage maturity.

The danger is not collapse. It is stagnation.

7. AI Changes The Dependency Model

This is also why the rapid growth of AI-related cyber capability within the DSIT report deserves more serious attention than it will probably receive.

The report highlights a 68% increase in firms offering cyber security for AI. Most discussion around this will focus narrowly on AI security products or emerging technical risks. The more important issue is that AI accelerates dependency complexity across already interconnected systems.

AI increases automation, decision-speed, operational coupling and system interdependence. It also increases governance complexity, assurance requirements and the importance of trusted operational resilience.

At the same time, resilience assurance requirements are steadily expanding across supply chains. Larger organisations increasingly require demonstrable cyber maturity from suppliers, logistics partners and operational contractors. This shifts cyber from a discretionary technology spend towards a participation requirement for economic integration itself. In practice, cyber capability increasingly becomes part of the trust architecture underpinning modern industrial supply chains.

In industrial environments, this becomes particularly significant.

The convergence of AI, operational technology, industrial automation and interconnected supply chains creates entirely new forms of systemic dependency. Regions with dense industrial ecosystems are therefore likely to experience cyber resilience pressures earlier and more intensely than less operationally integrated regions.

Again, this places the West Midlands in an unusually important position.

The region’s comparative advantage is unlikely to emerge through trying to replicate intelligence-led national security ecosystems. It is more likely to emerge through applied industrial cyber resilience, supply-chain assurance, operational technology security and resilience coordination across complex industrial environments.

8. Conclusion: This Is No Longer Merely A Commercial Opportunity

Importantly, this is not merely a commercial opportunity.

It is increasingly becoming a national resilience issue.

The UK economy is becoming structurally dependent on interconnected digital and operational systems at precisely the same time that geopolitical instability, supply-chain fragility, AI adoption and resilience regulation are all intensifying simultaneously.

That means cyber resilience is no longer simply a technical discipline sitting inside IT departments. It is becoming part of the governance and operational infrastructure required to maintain economic continuity itself.

Historically, economies treated cyber largely as a protective layer wrapped around digital systems. Increasingly, cyber resilience resembles infrastructure in its own right. Like energy resilience, logistics resilience or transport resilience, its failure characteristics propagate outward into the wider economy. The more interconnected operational systems become, the less meaningful it becomes to separate “cyber problems” from broader economic continuity problems.

The regions that recognise this shift earliest may develop significant long-term advantages.

The challenge for the West Midlands is therefore not proving that cyber matters. The evidence for that is now overwhelming.

The challenge is whether the region can organise around the opportunity quickly enough.

That requires more than awareness campaigns, disconnected interventions or loosely defined “cluster” branding exercises. It requires progression infrastructure. It requires coordination. It requires procurement pathways. It requires investment mechanisms. It requires operational integration between industry demand and cyber supply capability.

Most importantly, it requires recognising that cyber is no longer a peripheral technology specialism.

It is increasingly becoming part of the economic infrastructure that underpins industrial resilience, supply-chain continuity and operational trust across the wider economy.

What DSIT’s analysis ultimately demonstrates is not simply the continued growth of a technology sector. It demonstrates the gradual restructuring of how resilience capability is distributed across the UK economy itself.

The DSIT report demonstrates that this transition is already underway.

The remaining question is which regions are prepared for what comes next.