Regulation primarily fuels UK CNI cyber spend, report shows

Infosecurity Magazine reports that, according to Bridewell, regulatory compliance has overtaken innovation and threat evolution as the primary driver of cybersecurity investment across the UK's critical national infrastructure.

Some 35% of security leaders now cite regulatory requirements as their main influence, up from 26% in 2025, driven by new legislation, including the UK's Cyber Security Resilience Bill, the EU's NIS2, and the overhauled NCSC Cyber Assessment Framework, according to Bridewell's 2026 Cybersecurity in CNI Report. 

Despite this, adoption remains inconsistent, with less than half reporting CAF implementation and only 29% noting NIS2 compliance. Bridewell COO Sam Thornton noted 35% is "still fairly low" but predicted regulation will grow as the main driver. 

CEO Anthony Young warned that "compliance on paper does not automatically translate into operational resilience," with regulators now demanding real-world capability demonstration. The report found 93% of UK CNI organizations experienced cyber incidents last year, with 50% citing IT disruption and 34% operational technology impact. AI emerged as the second-highest concern after data protection, with 36% already using AI for incident response.

Kelley Damore
Kelley Damore Chief Content Officer CyberRisk Alliance

Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
