# CyberSecStats #44 - AI coding tradeoffs, UK security jobs boom and automation vs burnout

> CyberSecStats #44: UK cyber jobs up 194%, AI code 15-18% more vulnerable, OT protocol attacks up 84%, 76% of security pros emotionally exhausted.

Source: https://fmcybersecurity.com/en/insights/strategy/cybersecstats-44/
Locale: English
Other locale: https://fmcybersecurity.com/insights/strategy/cybersecstats-44/

## Metadata

- Date: 2026-05-18
- Author: fredrik-standahl
- Topic: strategy
- Format: news
- Scope: international

## This Week's Cybersecurity Eye-Openers

Three takeaways from this week's data.

**1. UK cyber security employment boom in numbers**

The UK now has almost three times as many people working in cybersecurity as five years ago (83k today vs 28k in 2021). Cybersecurity is the second-fastest-growing IT role in the UK.

**2. AI code workflows are fast but fragile**

AI-assisted workflows deliver 48-58% faster time-to-pull-request, but AI-generated code contains 15%-18% more security vulnerabilities per line and waits 4.6 times longer for human review.

**3. OT protocol attacks explode**

Attacks using operational technology protocols surged 84% in 2025, led by Modbus at 57%. Meanwhile, 71% of exploited vulnerabilities are not even in the CISA KEV catalog.

## Big Picture Reports

### 2025 Threat Roundup (Forescout)

Global analysis of cyberattack trends, exploited vulnerabilities, and shifting threat actor behavior across 2025.

**Threat trends:**

- Web applications became the most attacked service type at 61%, up from 41% in 2024, while abuse of Amazon and Google cloud infrastructure rose to over 15% of attacks.
- Attacks using OT protocols surged 84%, led by Modbus (57%), Ethernet/IP (22%), and BACnet (8%).
- 71% of exploited vulnerabilities are not in the CISA KEV catalog, and 242 new entries were added to CISA KEV, a 30% year-over-year increase.

[Read the full report here.](https://www.forescout.com/resources/2025-threat-roundup/?ref=cybersecstats.com)

## AI and Software Development

### 2026 State of AI Report (Vention)

How AI adoption has shifted from experimentation to business-critical across enterprises.

**The AI tipping point:**

- 99% of organizations report using AI in business, and 97% say AI brings real value.
- Global AI spending is projected to reach $1.5 trillion, with hardware and infrastructure accounting for 59% of total investment.
- 62% of organizations have experienced deepfake incidents, and 32% of cybersecurity leaders report AI-related attacks.

[Read the full report here.](https://ventionteams.com/solutions/ai/report?ref=cybersecstats.com)

### AI Coding Impact 2025 Benchmark Report (Opsera)

Benchmarking the security tradeoffs of AI coding assistants on developer productivity, code quality, and security.

**Fast, secure, or unique. Choose two:**

- AI coding assistants reached 90% enterprise adoption by the end of 2025, with GitHub Copilot holding 60-65% market share.
- AI-assisted workflows achieve 48-58% faster time-to-pull-request, but AI-generated PRs wait 4.6 times longer for review than human-written ones.
- AI-generated code results in 15-18% more security vulnerabilities per line, and code duplication increases from 10.5% to 13.5%.

[Read the full report here.](https://opsera.ai/resources/report/ai-coding-impact-2026-benchmark-report/?ref=cybersecstats.com)

### Digital Trust Digest (Keyfactor)

Survey of 500+ cybersecurity professionals on the security risks posed by AI agents and autonomous systems.

**Agentic AI risks:**

- 69% of cybersecurity professionals believe vulnerabilities in AI agents pose a greater threat than human misuse of AI, yet only 28% believe they can prevent a rogue AI agent from causing damage.
- 85% expect digital identities for AI agents to be as common as human and machine identities within five years.
- 68% of organizations lack full visibility or governance over AI-generated code contributions.

[Read the full report here.](https://www.keyfactor.com/digital-trust-digest-ai-identity/?ref=cybersecstats.com)

## Security Operations

### 2026 Security Operations Insights (Sumo Logic)

Research into how security teams manage tooling, automation, and cross-team alignment.

**Where integration falls short:**

- 93% of enterprise organizations use at least three security operations tools, and 55% of leaders report having too many point solutions.
- Only 51% of security operations leaders say their current SIEM is very effective at reducing mean time to detect and respond.
- 90% say AI/ML is extremely or very valuable in reducing alert fatigue, yet only 25% have fully automated threat detection and response.

[Read the full report here.](https://www.sumologic.com/guides/2026-security-operations-insights?ref=cybersecstats.com)

### Voice of Security 2026 (Tines)

AI adoption, automation, and burnout in security operations teams are not correlated the way you might think.

**Automated, but exhausted:**

- 99% of SOCs use AI, and 77% of security teams regularly rely on AI, automation, or workflow tools, yet manual or repetitive work still consumes 44% of security teams' time.
- 76% of security leaders and practitioners report emotional exhaustion and fatigue.
- Top AI-related concerns: data leakage through copilots and agents (22%), third-party and supply chain risks (21%), and evolving regulations (20%).

[Read the full report here.](https://www.tines.com/access/whitepaper/voice-of-security-2026/?ref=cybersecstats.com)

## Data Breaches and Data Security

### 2025 Annual Data Breach Report (Identity Theft Resource Center)

Comprehensive tracking of data compromises, victim notices, and consumer impact across the United States.

**More data breached, but fewer people informed:**

- A record 3,322 data compromises in 2025, up 79% over five years, yet victim notices dropped 79% to 278.8 million, the lowest since 2014.
- 70% of breach notices in 2025 did not include attack information, up from 45% in 2023.
- 88% of consumers who received a breach notice experienced at least one negative consequence, and 80% of consumers surveyed received a breach notice in the past 12 months.

[Read the full report here.](https://www.idtheftcenter.org/publication/2025-data-breach-report/?ref=cybersecstats.com)

### Protecting Data Report 2026 (Arelion)

Enterprise leaders are not very confident about data security across their own networks. They are even less confident about third-party infrastructure.

**Confidence collapses when third parties get involved:**

- 70% of senior leaders are losing sleep over critical data security, but only 52% feel very confident about data traveling across their own networks.
- Confidence in data security falls to 40% when data passes through third-party provider networks, and 49% of leaders do not know the locations of all data centers, including third-party providers.
- 48% of enterprise leaders are not fully confident they could demonstrate compliance with data protection regulations.

[Read the full report here.](https://www.arelion.com/resources/white-papers/protecting-data-report-2026?ref=cybersecstats.com)

## Industry Deep Dives

### Inside the Mind of a Hacker (Bugcrowd)

Annual survey of the global hacker community on tools, motivations, and collaboration.

**What hackers care about:**

- 82% of hackers now use AI in their workflows, up from 64% in 2023.
- 65% have chosen not to disclose vulnerabilities due to a lack of clear reporting pathways, despite 85% believing reporting is more important than making money.
- 56% say geopolitics now outweighs pure curiosity as a driving factor in hacking.

[Read the full report here.](https://www.bugcrowd.com/resources/report/inside-the-mind-of-a-hacker/?ref=cybersecstats.com)

### State of the Banking and Credit Union Industry 2026 (Wipfli)

Banking cyber risk in 2026.

**The exposed institutions:**

- 81% of banks and 77% of credit unions experienced at least one unauthorized network access incident in the past year.
- 67% of banks and 82% of credit unions are implementing AI, yet only 16% of banks have an enterprise-wide AI roadmap.

[Read the full report here.](https://www.wipfli.com/insights/research/state-of-the-banking-industry-2026?ref=cybersecstats.com)

### A Wave in Cyber (Socura/ONS)

Cybersecurity is becoming a popular job title in the UK.

**The workforce boom:**

- The UK now has 83,700 cyber security professionals, up 194% from 28,500 in 2021, making it the country's fastest-growing IT profession.
- There is now one cybersecurity professional for every 68 businesses, down from one per 196 in 2021.
- Only one in five cybersecurity professionals is female, though the number of women in the field has grown 163% since 2021.

[Read the full report here.](https://socura.co.uk/reports-and-whitepapers/a-wave-in-cyber?ref=cybersecstats.com)

---

For the full documentation index, see https://fmcybersecurity.com/llms.txt
For the complete corpus as a single document, see https://fmcybersecurity.com/llms-full.txt