The U.K. government announced Wednesday its Spending Review 2025 laying out plans for a step change in investment in digital and artificial intelligence (AI) across public services, including in the NHS. The government will build strong digital and technology foundations, tackle urgent cybersecurity and technical resilience risks, modernize public service delivery and drive a major overhaul in government productivity and efficiency. An additional £1.2 billion will be provided across the period to drive forward cross‑cutting digital priorities.
At this Spending Review, the government will deliver an increase of £0.6 billion to the Single Intelligence Account, comprising MI5, SIS, and GCHQ, by 2028‑29, reflecting the rising demand on the Intelligence Community to illuminate and deter threats. The settlement will deliver further investment in core infrastructure and an ongoing programme of digital transformation and research and development (R&D). It also provides funding to support the National Cyber Security Centre (NCSC) and the National Protective Security Authority in continuing their important role in the government’s growth mission.
Additionally, the government is maintaining the Integrated Security Fund, which supports a joined-up response to threats. The fund’s flexible, programme-based structure means it can adapt quickly and pivot to more acute threats. It will support investment in homeland security, cybersecurity, biosecurity and resilience where delivery relies on partnership across a number of government departments, as well as the private sector.
The settlement funds the Integrated Security Fund (ISF) to deliver interventions across the government’s national security priorities under the direction of the National Security Council. The ISF will continue to address the most serious threats to the U.K. national security, both at home and abroad. This includes state-based threats, cyber risks and transnational challenges such as counter-terrorism.
The government also identified that R&D in Northern Ireland employs over 16,000 people and is world leading in several areas, including cyber. The Spending Review 2025 grows the U.K. R&D spending across the nation from £20.4 billion in 2025‑26 to over £22.6 billion per year by 2029‑30, delivering funding for Northern Ireland-based research.
The Spending Review also confirms the previously committed £2 million for Queen’s University Belfast’s Cyber AI Hub, to continue developing research, skills, and innovation across a range of cybersecurity themes and develop a skills pipeline of cybersecurity professionals with strong industry links.
Energy security is central to the government’s national security agenda. The Spending Review noted that years of underinvestment in clean, secure, domestic energy have left the U.K. vulnerable to volatile global fossil fuel markets. The review aims to change that, ending decades of delays on critical energy projects by advancing Sizewell C, Small Modular Reactors, and Carbon Capture, Usage and Storage programs.
It also highlighted that supply chains are increasingly volatile, security threats are rising, and international partnerships are changing. Other countries are increasingly taking action to protect their economic security and promote their strategic strengths. In this era of increased geopolitical competition, the government’s strategic investments in critical technologies and supply chains will help drive resilient growth.
Earlier this week, Ollie Whitehouse, chief technology officer at the NCSC, and Paul W., principal technical director for NCSC Capability, warned in a blog post that the real cost of underinvesting in cybersecurity falls not on vendors, but on customers, insurers, government, and society at large. “These are the market failures we must address if we want to stop software and hardware vulnerabilities from being exploited,” they wrote.
Highlighting the importance of raising the bar, they noted that accelerating progress will require harnessing the power of competitive innovation to improve resilience.
“Our future digital infrastructure must be built on secure foundations in order to deliver the digital resilience we know that the next generation will require,” they added. “We believe that the need to incentivise ‘secure by design’ technology will require significant efforts over the next decade, and it’s the latest cross-cutting problem to be added to the NCSC’s research problem book.”
They concluded that the “technology to raise cyber resilience at scale exists, but it will require us – amongst other things – to ‘think big’ and drive a strategic policy agenda that fundamentally alters the dynamics of the existing market in technology and services.”
In April, the U.K. published a policy statement on Cyber Security and Resilience Bill that sets out the policy measures to be included in the forthcoming Cyber Security and Resilience Bill, which will be introduced to Parliament later this year.
