If you run a UK cyber/security firm, here’s the uncomfortable truth: AI is not going to kill the sector.It is going to split it. And some firms will not survive that split. The percentage you actually want There is no official UK statistic that says “AI will cause X% of cyber firms to fail.” But based on: UK business churn data from the Office for National Statistics Insolvency reporting from the Insolvency Service Market analysis and commentary from the National Cyber Security Centre A realistic 10-year estimate is: 8%–20% of current UK cyber/security SMEs could fail where AI-driven competition is a significant contributing factor. Not because AI replaces “cybersecurity”. But because it replaces low-skill, labour-heavy, repeatable cyber work. Why Cyber Is Exposed (Even Though Demand Is Growing) 1. AI reduces the value of basic security services AI already handles: Log analysis First-line alert triage Phishing detection Vulnerability scanning Compliance documentation drafting Threat intelligence aggregation If your revenue model depends on: manual SOC monitoring junior analysts reviewing alerts templated compliance work penetration testing at commodity level …your margins are under pressure. Large vendors are embedding AI into platforms as standard. Smaller firms selling “human time” get squeezed. 2. Big vendors are getting stronger, faster Enterprise platforms are deploying AI across: Automated incident response Behavioural anomaly detection Predictive threat modelling The National Cyber Security Centre has repeatedly emphasised automation as key to defending at scale. The cynical interpretation? AI makes large providers more efficient.Smaller providers don’t get proportionally stronger. It widens the gap. 3. Clients expect faster, cheaper, always-on security Once AI-driven monitoring becomes normal: 24/7 human-only SOC looks expensive Reporting must be real-time Response times must shrink Detection must improve Clients won’t pay more because you “don’t use AI”. They’ll question why you’re slower. Where the 8%–20% Estimate Comes From Step 1: Baseline UK business churn ONS data shows business “death rates” close to ~10% annually across sectors in recent years (not insolvency, but closures).Source: Office for National Statistics That’s normal turnover. Step 2: Cyber has strong demand — but uneven margins The UK cyber sector is growing, supported by government strategy and spending. However: Entry barriers for “basic cyber consultancy” are relatively low. AI lowers those barriers further. Compliance-heavy services are increasingly template-automated. So the failure risk is concentrated in: small consultancies MSSPs competing on price firms relying on junior analyst labour compliance factories Advertisement Bestseller #1 Cyber, Sorted: Lock Down Your Business, Beat the Hackers, Sleep Easy at Night £9.99 Buy on Amazon Step 3: AI compresses labour models If AI cuts analyst workload by 30–50%: Larger firms absorb that as margin. Smaller firms lose their “billable hours” leverage. That is where consolidation happens. Who Is Most at Risk? High Risk (AI directly erodes value) Basic managed SOC services Entry-level pentesting shops ISO/NIS2 compliance documentation providers Generic phishing simulation vendors Low-margin MSSPs competing on price If your differentiation is “we monitor alerts for you”, AI eats that first. Advertisement Bestseller #1 Practical IoT Handbook: Programming IoT by implementing hands-on projects with Arduino, Python, and Raspberry Pi (English Edition) £29.70 Buy on Amazon Medium Risk Mid-tier consultancies without deep sector expertise Firms overly dependent on vendor resale margins Security training businesses not evolving content They survive if they adapt fast. Lower Risk (AI enhances, doesn’t replace) High-end incident response Digital forensics Complex architecture design Nation-state threat intelligence OT/ICS security Highly regulated sector specialists AI assists these firms — but human judgement and liability remain central. The Bigger Reality AI will not destroy UK cyber. It will: Reduce headcount growth. Kill junior-heavy delivery models. Force pricing transparency. Drive consolidation. Reward firms with proprietary tooling. The National Cyber Security Centre has consistently emphasised automation and resilience at scale. Scale favours the well-capitalised. The Real Threat Isn’t AI — It’s Commoditisation Cybersecurity used to be specialist. Now parts of it are: Button-click SaaS AI-generated reports Automated remediation playbooks If you sell undifferentiated services, you’re in trouble. If you sell: expertise judgement accountability regulatory credibility board-level risk understanding You are far safer. My Honest Forecast (UK Cyber Sector, 10 Years) 8% failure if AI mainly boosts productivity across the board. 12–15% failure if mid-tier commoditisation accelerates. 20% failure if automation + vendor consolidation aggressively squeeze SMEs. But the sector itself will grow. Revenue increases.Headcount growth slows.Weak players exit. What I Would Do (If I Owned a UK Cyber Firm) Build internal AI tooling before competitors do. Move upmarket — specialise deeply. Reduce dependence on junior labour. Productise recurring services. Focus on regulated verticals (finance, healthcare, infrastructure). Sell outcomes, not hours. References (UK Primary Sources) Office for National Statistics – UK business demography and closure rates Insolvency Service – Company insolvency statistics National Cyber Security Centre – UK cyber strategy, automation and resilience guidance Post navigation Are English Small Businesses Under Threat of Cyber Attacks? “We’ll get round to it later”: Why UK businesses keep ignoring cyber advice — until it’s too late