
Trojan tools: AI is professional services’ newest cyber liability

Tuesday 21 April 2026 6:30 am | Updated: Monday 20 April 2026 6:34 pm

As the UK government ramps up pressure on businesses to strengthen their cyber defences over Anthropic’s Mythos, professional services firms are already feeling increasingly anxious about cybersecurity.

In the last month, a hacker gained access to one of Bain & Co’s internal AI tools, which followed another attack that exposed cybersecurity flaws in a system at rival McKinsey.

But this isn’t unique to consultancy, as law firms have faced cybersecurity issues over the years, with Stewarts reporting recently that criminals have been sending emails or faxes to the public pretending to be the law firm.

Meanwhile, in a recent Law Society report, respondents said cybersecurity was the defining challenge for law firms. The ongoing rise in IT costs has been the main driver of non-salary spend, driven by consolidation in the software supplier market and rising AI spend.

Professional services firms, which hold vast amounts of client data and client money, are among the biggest sectors investing heavily in AI, an adoption that is also exposing critical “software vulnerabilities”.

The rapid adoption of powerful AI tools has triggered alarms across governments, banks, and regulators alike, with warnings that these systems could expose organisations to threats at unprecedented speed.

Toby Lewis, global head of threat analysis, Darktrace, told City AM, “Professional services businesses are giving agents significant access to internal data and applications, but agents have none of the judgement of a human, making them easy to hijack and exploit either by an external bad actor tricking the model or by an insider taking advantage.”

“Ultimately, in increasingly AI-defined corporate environments, security teams need to move to a mindset that stops focusing on ‘hardening the walls’.

“They need to assume they can’t stop every attacker gaining a foothold and focus on detection and containment of threats that have made it into the organisation, whether it’s human or machine.”

“Fortunately, this is an area where AI is putting attackers ahead and is enabling those threats to be identified at a speed and scale that can keep defenders ahead of the threat,” Lewis added.

Attacks prompt businesses to spend on consultancy

On the flip side, a year of severe, headline-grabbing cyberattacks on the likes of Jaguar Land Rover, Marks and Spencer (M&S), and Heathrow Airport, and the disruption and financial damage they caused, shifted cybersecurity to the top of businesses’ risk list.

The surge in cybersecurity concerns has led Source Global Research Data to forecast that the UK cybersecurity consulting market will reach £2.2bn in 2026, with a 16 per cent growth rate.

Catherine Anderson, director of delivery, Source Global Research, said: “The continuing uptake of AI—with its own security implications—and the increasingly important role it plays in how organisations operate is intensifying demand for cybersecurity consulting.”
