UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs

Staff Editor 2026-03-19
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs

UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs

https://www.infosecurity-magazine.com/news/uk-regulation-drives-cyber/

Publish Date: 2026-03-19 05:00:00

Source Domain: www.infosecurity-magazine.com

Security leaders at the UK’s top critical national infrastructure (CNI) firms are relying more than ever on regulatory compliance to drive their cyber maturity and investments, Bridewell has found.

In its latest Cybersecurity in CNI Report 2026, the UK-based cyber service provider found that 35% of security leaders working across the UK’s 13 CNI sectors cited regulatory requirements as the primary influence on their security programs. This is up from 26% the in 2025 and 29% the year before.

In parallel, increased connectivity, the desire to support innovation and evolving cyber threats have all stagnated as cyber maturity influences. Only 25% of respondents mentioned one of these factors as driving security investment in 2025 and 2026.

This trend is likely due to a regulatory acceleration, with new legislation like the UK’s Cyber Security Resilience Bill (CSRB) and the EU’s NIS2 directive and Cyber Resilience Act (CRA) coming into force. Moreover, the UK has recently seen the overhaul of the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF) for CNI organizations.

Speaking during a Bridewell press event in London on March 17, Sam Thornton, COO of Bridewell, said despite regulation compliance being considered more important than before for driving security investment, 35% is “still fairly low.”

“I think we will start to see regulation growing as the main driver of security investment in the next years to come,” he added.

Read more: Navigating Regulation Discrepancies – EU’s NIS 2 v UK’s Cyber Security and Resilience Bill

Regulatory Challenges Loom for UK Critical Sectors

At the same time, the Bridewell report showed that adoption of major regulatory frameworks remains inconsistent. Less than half of respondents (46%) reported implementation or compliance with the CAF and only 29% reported adoption of the EU’s NIS2 directive.

It’s therefore “unsurprising”, said the report, that 39% of respondents admit…

Source

More Stories

DentaQuest Data Breach Analysis: ShinyHunters Leak Exposes PII and PHI of 2.6 Million Members in 2026 – Rescana

DentaQuest Data Breach Analysis: ShinyHunters Leak Exposes PII and PHI of 2.6 Million Members in 2026 – Rescana

Staff Editor 2026-06-07
Automotive Cybersecurity News Q1 2026 – Vehicle Vulnerabilities Double Year-on-Year And Hackers “Brick” Thousands of Cars | Press Releases

Automotive Cybersecurity News Q1 2026 – Vehicle Vulnerabilities Double Year-on-Year And Hackers “Brick” Thousands of Cars | Press Releases

Staff Editor 2026-06-06
Project Glasswing: Key cybersecurity agencies set to get access to Anthropic’s Mythos | Business News

Project Glasswing: Key cybersecurity agencies set to get access to Anthropic’s Mythos | Business News

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy