Best-in-class sales and operational efficiency, with over 5,200 organisations worldwide relying on NodeZero

Horizon3.ai, the AI-native proactive security leader, today announced strong FY2026 growth, with annual recurring revenue (ARR) increasing 102% year over year. This momentum is driven by rapid enterprise and MSSP adoption, as organisations turn to NodeZero to identify and eliminate exploitable attack paths in production environments.

In excess of 5,200 organisations globally, from Fortune 10 enterprises to local school districts, hospitals, manufacturers, financial institutions, defence contractors, and government agencies, rely on NodeZero to continuously validate and harden their defences in production environments.

Key business and operational metrics include:

● 125% Net Dollar Retention, reflecting expansion from pentesting into broader exposure management use cases

● 94% Gross Dollar Retention, demonstrating strong customer retention and increasing testing frequency

● 32% of Q4 bookings originated by channel partners

Approximately 70% of customers are serviced through Managed Security Service Providers (MSSPs), one of the company’s fastest-growing segments. MSSPs are using NodeZero to deliver continuous validation services while expanding into higher-value offerings such as remediation, threat hunting, SOC optimisation, and advisory services.

“MSSPs play a critical role, especially in international markets where local relationships and trust matter,” Snehal Antani, CEO and Co-Founder of Horizon3.ai told That's Texchnology.

“They allow us to scale globally while enabling partners to build high-margin service offerings on top of NodeZero.”

“Vulnerability prioritisation has never been more critical,” Snehal continued. “AI is accelerating vulnerability research, and defenders are overwhelmed deciding what not to fix. Pentesting remains the most effective way to identify what is actually exploitable and focus remediation on what matters.”

“Cybersecurity is currently vital, driven both by the rapid advancement of AI and a more unstable geopolitical landscape,” Dan Bird MBE, Field Chief Technology Officer for EMEA at Horizon3.ai added. “Organisations are right to take every possible step to protect their IT environments and critical business services. But the key is focusing on what can actually be exploited, and where teams need to act first.”

Horizon3.ai

Cybersecurity is the UK’s hottest tech skill as demand and salaries soar

Cybersecurity expertise has risen to the forefront of the UK’s technology hiring agenda, becoming the most sought‑after and among the highest‑paid technical skill sets. 

Amid intensifying cyber incidents and mounting regulatory pressures, businesses are offering salary premiums to compete for a limited pool of qualified security professionals according to new research from global talent solutions firm Robert Half.

The firm’s latest data reveals intensifying pressure on the UK tech talent market, with cybersecurity emerging as the single highest priority skill set for employers, cited by 48% of technology leaders. This is matched by strong hiring intent: 44% of companies plan to recruit for cybersecurity and IT security roles within the next six months, outpacing all other technical specialities.

Skills shortages are driving salary premiums

As the talent gap widens, Robert Half’s data reveals employers are relying on premium pay packets to attract talent. 

The findings show 44% of employers report cybersecurity skills as a primary driver of salary increases within their IT functions. This mirrors global trends, with the WE estimating a worldwide shortage of over four million cybersecurity professionals, fuelling competition and inflating salaries as employers try to secure scarce expertise.

But with demand far outstripping supply, employers are being forced to rethink how they attract, develop and retain critical security talent.

Roles in cybersecurity on the up

Robert Half's proprietary job posting database reveals strong growth in the UK cybersecurity job market in the past year, with overore than 6,000 new security roles advertised nationwide, a 14% increase over the previous year.

Demand was highest for Information Security Analysts, with over 3,100 new vacancies, reflecting a significant (29%) year‑on‑year rise. The role of Information Security Manager also remained in strong demand, with over 1,300 new postings and an 8% year-on-year increase.

The UK’s leading hubs for cybersecurity hiring in the past year were London (over 2,200 new roles), Manchester (around 450 roles), Bristol (around 350 roles), and Birmingham (around 350 roles), underlining ongoing demand for specialist security talent across both major metropolitan and regional markets.

https://www.roberthalf.com/gb/en

Offensive Security Becomes Business-Critical as UK Faces Major Cyber Incidents

The scale, frequency, and sophistication of cyberattacks in the UK have escalated sharply throughout 2025, causing widespread operational disruption and mounting economic damage. 

Recent data and high-impact incidents show that organisations can no longer rely on periodic audits or reactive security measures. 

As a result, organisations are being challenged to rethink their security strategy and embrace an offensive mindset.

Major UK Attacks Rise By Over 50%

The National Cyber Security Centre’s (NCSC) Annual Review 2025, covering the period from September 2024 to August 2025, underscores the severity of the situation. 

During this time, the NCSC handled 204 nationally significant cyber incidents, an increase of more than 50% compared to the previous year. 

The review also reported four high impact attacks every week, each capable of disrupting essential services across the country and causing widespread operational and economic disruption.

In worst case scenarios, such attacks could compromise not only business operations but critical national infrastructure too. 

The government is now urging organisations to take stronger action to protect the UK economy and make cyber resilience a board-level responsibility.

The economic stakes are equally stark. The recent cyberattack against Jaguar Land Rover, which is thought to be the largest cyber incident in UK history, has been estimated to cost the UK economy £1.9 billion. This led to Jaguar Land Rover having to shut down systems across their factories and offices, with knock-on effects extending to as many as 5,000 organisations in its supply chain.

Richard Horne, CEO of the NCSC, issued a clear warning. He told That's Technology: “Cyber security is now a matter of business survival and national resilience. The best way to defend against these attacks is for organisations to make themselves as hard a target as possible.”

Offensive Security: Thinking Faster Than the Attacker

Keith Poyser, Vice President for EMEA at Horizon3.ai, explains organisations can only become “harder targets” by adopting an offensive, attacker-like mindset: 

“Organisations must think faster than potential attackers. All attack surface, ongoing penetration testing is the only reliable way to determine whether hackers can break in and whether an organisation’s security controls are genuinely effective. 

"Validate your defences in the context of your environment, don’t guess or rely on noisy low relevance vulnerability lists alone”

Although penetration testing has existed for decades, it's traditionally been conducted only annually or quarterly, and purely by humans, which is no longer adequate given the speed at which attackers evolve. We have already seen AI tools misused to rewrite attacks on the fly adapting to defences or detection technologies.

Continuous, autonomous pentesting via platforms such as Horizon3.ai’s NodeZero® Offensive Security Platform allow organisations to validate their security posture as frequently as needed, even daily, without the cost, delays, or limitations of manual-only tests. With them, businesses can emulate attacker techniques in live environments and integrate them seamlessly with agile and DevOps workflows, aligning security testing with how software is actually built and deployed today.

Horizon3.ai’s own Cybersecurity Report UK 2024/25 which collected responses from managers with IT level responsibility in 150 UK organisations confirms many organisations aren't taking the right approach to face today’s rapidly evolving threat landscape.

When asked whether they take a purely defensive stance against cyber threats, or if they conduct offensive exercises to identify risks and vulnerabilities, results showed 34% reported using only defensive measures, 21% focus on defence but occasionally conduct offensive exercises, and only 12% conduct offensive exercises internally. A further 15% were unsure how to approach this, while 18% said they outsource offensive exercises entirely.

Another question asked which technology, solution or practice they believed would significantly improve their security. 12% said they would want more budget funds, while 37% said they want to know exactly where they are vulnerable so they can proactively address weaknesses, a clear indication of the need for autonomous penetration testing. 26% responded that they would need to convince the leadership that cybersecurity must be a top priority.

Cybersecurity Must Become a Board-Level Responsibility

Government bodies, industry regulators, and customers are increasingly urging CEOs, boards, and senior leaders to take explicit, personal ownership of cyber risk. This shift reflects a broader recognition that cybersecurity is now a core component of organisational stability, operational continuity, and economic resilience.

Penetration testing plays a pivotal role in meeting these heightened expectations and has become a cornerstone of both operational and economic resilience. By continuously validating defences, organisations can reduce their Mean Time to Remediate (MTTR), lower the cost of fixing weaknesses, and significantly strengthen their overall security posture. Regular testing also supports risk-based vulnerability management, enhances audit readiness, and creates a verifiable record of due diligence—ultimately easing the burden of compliance.

Due Care and Due Diligence as Foundations of Cyber Risk Management

In cybersecurity, two fundamental principles form the backbone of effective risk management: due care and due diligence (Paired with a duty to know). Due care refers to the proactive steps an organisation takes to protect its systems, data, and users, such as enforcing security policies, fixing weaknesses, and carrying out regular risk assessments.

Due diligence, on the other hand, is the ongoing validation of whether those protective measures are actually working. It involves activities such as penetration testing, reviewing third-party risks, and verifying alignment with industry standards. Where due care is about implementing safeguards, due diligence is about proving they stand up in real-world conditions.

Keith Poyser added: “Together, they ensure  organisations are not only putting security controls in place but also continuously confirming their effectiveness. Continuous pentesting is central to this process, providing the evidence organisations need to demonstrate their cyber resilience.”

www.horizon3.ai

CaseMatrix Limited Announces Official Launch: A Revolutionary Approach to Cyber Breach Litigation

Behind each and every individual data breach statistic is a real person at the heart of it. At CaseMatrix, they report that they are dedicated and committed to ensuring those individual people are not just numbers.

CaseMatrix Limited, which is a pioneering firm focusing on bridging the gap between cyber breach victims and legal recourse, is thrilled to announce its official launch. 

A spokesperson said: "With a unique service offering, we at CaseMatrix aim to transform the landscape of cyber breach litigation by connecting legal professionals with affected people, ensuring that every victim has their voice."

Founded by Jake Rogers and Rob Moore, who are two seasoned professionals with extensive backgrounds in cybersecurity and legal consultancy, CaseMatrix leverages a unique methodology to identify and reach out to cyber breach victims. 

By offering them cybersecurity support and notifying them of breaches, the company ensures a seamless transition from breach notification to required legal action.

Key Highlights of CaseMatrix Limited:

Victim-Centric Approach: At the heart of CaseMatrix's operations is a deep commitment to the well-being of all cyber breach victims. The company's primary goal is to ensure every individual affected by a breach is informed, supported, and has the chance to seek legal justice.

Unique Methodology: CaseMatrix's innovative approach involves actively reaching out to individuals as security experts, notifying them of the breaches, and offering them cybersecurity support. This methodology not only ensures compliance with legal regulations but also builds trust with potential claimants.

Collaboration with Legal Firms: CaseMatrix works closely with legal firms, understanding their litigation aims, and providing them with a refined set of profiles. This targeted approach ensures legal professionals receive only viable cases, saving them both time and resources.

There are Zero Upfront Costs: With a standard introducer's agreement, legal firms can collaborate with CaseMatrix without any financial commitment until the actual referral process commences.

Says Jake Rogers, co-founder of CaseMatrix: "Our vision is entirely clear: To ensure all data breach victims are represented and has access to legal justice. With the rise in cyber incidents, our services are more crucial than ever before. We're very excited to work alongside legal professionals to make a tangible difference."

Rob Moore went on to add: "Behind every data breach statistic is a real person. At CaseMatrix, we're committed to ensuring these individual people aren't just numbers but are given the support and representation they need and deserve."

For more information about CaseMatrix Limited and its services, visit www.case-m.com.

"CaseMatrix Limited is a UK-based firm dedicated to connecting cyber breach victims with legal recourse. With a unique approach and a deep commitment to victim welfare, the company aims to revolutionise cyber breach litigation, ensuring that every affected individual has a voice."