CyberSecStats #44 - AI coding tradeoffs, UK security jobs boom and automation vs burnout
CyberSecStats #44: UK cyber jobs up 194%, AI code 15-18% more vulnerable, OT protocol attacks up 84%, 76% of security pros emotionally exhausted.
This Week’s Cybersecurity Eye-Openers
Three takeaways from this week’s data.
1. UK cyber security employment boom in numbers
The UK now has almost three times as many people working in cybersecurity as five years ago (83k today vs 28k in 2021). Cybersecurity is the second-fastest-growing IT role in the UK.
2. AI code workflows are fast but fragile
AI-assisted workflows deliver 48-58% faster time-to-pull-request, but AI-generated code contains 15%-18% more security vulnerabilities per line and waits 4.6 times longer for human review.
3. OT protocol attacks explode
Attacks using operational technology protocols surged 84% in 2025, led by Modbus at 57%. Meanwhile, 71% of exploited vulnerabilities are not even in the CISA KEV catalog.
Big Picture Reports
2025 Threat Roundup (Forescout)
Global analysis of cyberattack trends, exploited vulnerabilities, and shifting threat actor behavior across 2025.
Threat trends:
- Web applications became the most attacked service type at 61%, up from 41% in 2024, while abuse of Amazon and Google cloud infrastructure rose to over 15% of attacks.
- Attacks using OT protocols surged 84%, led by Modbus (57%), Ethernet/IP (22%), and BACnet (8%).
- 71% of exploited vulnerabilities are not in the CISA KEV catalog, and 242 new entries were added to CISA KEV, a 30% year-over-year increase.
AI and Software Development
2026 State of AI Report (Vention)
How AI adoption has shifted from experimentation to business-critical across enterprises.
The AI tipping point:
- 99% of organizations report using AI in business, and 97% say AI brings real value.
- Global AI spending is projected to reach $1.5 trillion, with hardware and infrastructure accounting for 59% of total investment.
- 62% of organizations have experienced deepfake incidents, and 32% of cybersecurity leaders report AI-related attacks.
AI Coding Impact 2025 Benchmark Report (Opsera)
Benchmarking the security tradeoffs of AI coding assistants on developer productivity, code quality, and security.
Fast, secure, or unique. Choose two:
- AI coding assistants reached 90% enterprise adoption by the end of 2025, with GitHub Copilot holding 60-65% market share.
- AI-assisted workflows achieve 48-58% faster time-to-pull-request, but AI-generated PRs wait 4.6 times longer for review than human-written ones.
- AI-generated code results in 15-18% more security vulnerabilities per line, and code duplication increases from 10.5% to 13.5%.
Digital Trust Digest (Keyfactor)
Survey of 500+ cybersecurity professionals on the security risks posed by AI agents and autonomous systems.
Agentic AI risks:
- 69% of cybersecurity professionals believe vulnerabilities in AI agents pose a greater threat than human misuse of AI, yet only 28% believe they can prevent a rogue AI agent from causing damage.
- 85% expect digital identities for AI agents to be as common as human and machine identities within five years.
- 68% of organizations lack full visibility or governance over AI-generated code contributions.
Security Operations
2026 Security Operations Insights (Sumo Logic)
Research into how security teams manage tooling, automation, and cross-team alignment.
Where integration falls short:
- 93% of enterprise organizations use at least three security operations tools, and 55% of leaders report having too many point solutions.
- Only 51% of security operations leaders say their current SIEM is very effective at reducing mean time to detect and respond.
- 90% say AI/ML is extremely or very valuable in reducing alert fatigue, yet only 25% have fully automated threat detection and response.
Voice of Security 2026 (Tines)
AI adoption, automation, and burnout in security operations teams are not correlated the way you might think.
Automated, but exhausted:
- 99% of SOCs use AI, and 77% of security teams regularly rely on AI, automation, or workflow tools, yet manual or repetitive work still consumes 44% of security teams’ time.
- 76% of security leaders and practitioners report emotional exhaustion and fatigue.
- Top AI-related concerns: data leakage through copilots and agents (22%), third-party and supply chain risks (21%), and evolving regulations (20%).
Data Breaches and Data Security
2025 Annual Data Breach Report (Identity Theft Resource Center)
Comprehensive tracking of data compromises, victim notices, and consumer impact across the United States.
More data breached, but fewer people informed:
- A record 3,322 data compromises in 2025, up 79% over five years, yet victim notices dropped 79% to 278.8 million, the lowest since 2014.
- 70% of breach notices in 2025 did not include attack information, up from 45% in 2023.
- 88% of consumers who received a breach notice experienced at least one negative consequence, and 80% of consumers surveyed received a breach notice in the past 12 months.
Protecting Data Report 2026 (Arelion)
Enterprise leaders are not very confident about data security across their own networks. They are even less confident about third-party infrastructure.
Confidence collapses when third parties get involved:
- 70% of senior leaders are losing sleep over critical data security, but only 52% feel very confident about data traveling across their own networks.
- Confidence in data security falls to 40% when data passes through third-party provider networks, and 49% of leaders do not know the locations of all data centers, including third-party providers.
- 48% of enterprise leaders are not fully confident they could demonstrate compliance with data protection regulations.
Industry Deep Dives
Inside the Mind of a Hacker (Bugcrowd)
Annual survey of the global hacker community on tools, motivations, and collaboration.
What hackers care about:
- 82% of hackers now use AI in their workflows, up from 64% in 2023.
- 65% have chosen not to disclose vulnerabilities due to a lack of clear reporting pathways, despite 85% believing reporting is more important than making money.
- 56% say geopolitics now outweighs pure curiosity as a driving factor in hacking.
State of the Banking and Credit Union Industry 2026 (Wipfli)
Banking cyber risk in 2026.
The exposed institutions:
- 81% of banks and 77% of credit unions experienced at least one unauthorized network access incident in the past year.
- 67% of banks and 82% of credit unions are implementing AI, yet only 16% of banks have an enterprise-wide AI roadmap.
A Wave in Cyber (Socura/ONS)
Cybersecurity is becoming a popular job title in the UK.
The workforce boom:
- The UK now has 83,700 cyber security professionals, up 194% from 28,500 in 2021, making it the country’s fastest-growing IT profession.
- There is now one cybersecurity professional for every 68 businesses, down from one per 196 in 2021.
- Only one in five cybersecurity professionals is female, though the number of women in the field has grown 163% since 2021.