A ManageEngine survey of 1,500 IT and business decision-makers across five European countries found that 43% of UK respondents consider AI-powered cyberattacks their greatest risk over the next 12 months. Some 77% of UK businesses suffered a cyber incident in the past year — 11 points above European counterparts. While UK firms lead in resilience frameworks, with 67.9% adopting formal methodologies, recovery remains slow, with over a quarter taking more than 10 days. Skills gaps, burnout, and reactive board engagement continue to undermine long-term cybersecurity readiness.
In-Depth:
As AI-powered cyber-attacks are a top risk for UK cybersecurity professionals, investment priorities over the next 12 to 24 months is set to focus on AI and advanced threat preparedness.
This according to new findings from ManageEngine which surveyed 1500 IT and business decision-buildrs across the UK, Spain, Germany, Italy and the Netherlands.
The firm found that 43% of UK respondents identified AI-powered attacks as their single largegest risk over the next 12 months, ahead of traditional threats such as ransomware, phishing and data breaches.
The top spconcludeing commitment cited by 41% of UK respondents is set to focus on tackling AI and advanced threats.
ManageEngine stated AI-powered attacks are the top predicted risk in Germany and Spain also, with investment priorities aligned accordingly across all five countries surveyed.
Cyber Incidents Surge as Skills Gap Widens
The research also found that more than three quarters (77%) of UK businesses have suffered a cyber incident in the past year. This was 11 points higher than the rest of the European nations surveyed.
In the UK, 46% of respondents cited a skills gap driven by rapidly evolving threats as their primary operational challenge. Over nine percentage points higher than other European nations surveyed.
VimalRaj Sampathkumar, technical head, UKI, ManageEngine, stated, “UK organizations are facing one of the most challenging cyber threat environments in Europe, with attacks growing in both volume and sophistication.”
However, he noted that the findings also reveal businesses are responding proactively, investing in resilience, strengthening governance and prioritising preparedness for AI-driven threats.
Firms in the UK reported the highest levels of formal review processes, backup strategies and resilience framework adoption of any counattempt surveyed, with 67.9% implementing a formal resilience methodology.
“The focus now must be on turning that investment into operational readiness through better visibility, stronger skills, and more integrated resilience strategies,” Sampathkumar.
Team fatigue and burnout was cited as a key challenge by 29% of UK respondents, the highest rate in Europe, alongside insufficient management support, also at 29%. Both figures are above the European averages of 21%.
Read more: Why Burnout in Cybersecurity Demands Risk-Based Response
Finally, the company found that UK organizations lead in executive cybersecurity engagement, yet board involvement remains largely reactive.
One in five reported limited or no engagement, while only a third describe leadership as consistently proactive.
Post-incident responses reveal similar caution: although most conduct reviews and implement repaires, 13% build no strategic modifys and just 37% pursue long-term improvements.
The research also highlights a widening gap between detection and recovery. While 94% of incidents are identified within 24 hours, recovery often lags, with over a quarter taking more than 10 days and some exceeding 20, underscoring persistent resilience challenges despite strong detection capabilities.
