What IT leaders in the UK are prioritising for their next big investment
Across dozens of recent high-level roundtables with UK IT leaders, a new strategic consensus is emerging. AI may dominate the headlines, but for the executives actually holding the budgets, the real investment priorities reflect something far more grounded: operational efficiency, data control, and trust-building inside complex organisations.
We analysed discussions among CIOs, CTOs, and heads of digital and data across banking, healthcare, law enforcement, public sector, and enterprise-scale companies. What surfaced is a revealing snapshot of where IT investments are headed, beyond the noise.
Below is a summary of the key insights and statistics shaping large-scale IT investment decisions in the UK today.
Generative AI: Widespread pilots, cautious scale
While 90% of roundtable participants were either in pilot or exploration stages with generative AI, only 15% had deployed it at scale. Most deployments were tied to Microsoft Copilot and similar LLM tools, focused on administrative support like meeting transcription, trader surveillance, or initial content generation.
- One banking group is piloting Copilot with 5,000 users out of 60,000, focusing on operational uplift, not transformation.
- Another enterprise uses AI to generate 60–70% of investment pitch books, reducing production time dramatically.
- A council expects AI to cut M&A processing time from three weeks to a few days.
Yet even as these trials grow in ambition, none claimed significant revenue generation. Instead, AI is being framed as a cost-efficiency and augmentation tool, not a revenue engine.
AI governance and ethics: The new foundations
Amid pilot buzz, governance emerged as the bedrock. Over 70% of organisations reported creating new frameworks or internal working groups to govern AI adoption.
- One public sector IT director noted that without clear policy, “we’d be hallucinating our way to legal action.”
- In highly regulated sectors like finance and law, AI systems are being assessed not just for functionality but legal admissibility and auditability.
Some firms are limiting AI to trusted data sources like Bloomberg, Refinitiv, or their own internal lakes. The message is clear: if AI can’t be governed, it won’t be scaled.
The most investable AI use cases
A recurring theme was separating high-promise from high-risk AI use cases. Among the most investable:
| Use Case | Adoption Level | Reported Benefits |
|---|---|---|
| Document drafting (e.g., pitchbooks) | Pilot | Up to 70% time saved |
| Code review & software QA | Pilot | Faster debugging, improved code hygiene |
| Risk analysis in trading | Pilot | Early identification of P&L red flags |
| Contact centre automation | Planning | Reducing non-emergency call load by ~40% |
| Meeting transcription | In Use | Time saved for exec teams and analysts |
| AI co-pilots for internal tools | In Use | Accelerated onboarding and task execution |
Notably, all of these prioritise efficiency over disruption.
Data chaos is stalling transformation
If AI was the ambition, data management was the obstacle. Across industries, disjointed data ecosystems and spreadsheet-based workarounds remain rampant.
- A housing group IT leader admitted: “We reset the data journey every September, 28,000 users. We still rely on end-user Excel.”
- A finance head revealed over 18 entities each using inconsistent data collection methods.
- In healthcare, integration efforts are stymied by disparate dashboard platforms, requiring costly manual stitching of insights.
Centralisation, standardisation, and self-service analytics were common goals, but few had achieved them. Expect significant investments in data lake architecture, automated governance layers, and analytics training over the next 12–18 months.
Cybersecurity is becoming everyone’s job
A notable shift emerged in how UK organisations approach cybersecurity: from siloed infosec teams to distributed accountability.
- One education institution highlighted training 12,000 staff and 39,000 students with “no-blame” cultures and personalised security briefings.
- Over 60% of organisations are embedding cybersecurity awareness in onboarding and team charters.
- Phishing simulations and adaptive learning tools are gaining traction, particularly in healthcare, banking, and public service sectors.
There’s also a growing push to reframe security not as a blocker, but as a business enabler, critical to IT’s credibility in cross-departmental partnerships.
Talent gaps threaten AI momentum
While enthusiasm for AI is high, skills remain a blocker. In the public sector and SME environments especially, leaders voiced deep concern about access to AI expertise.
- One leader in law enforcement noted: “We’re either locked into vendors or stuck with generalists. Building internal capability is slow but essential.”
- Several firms are exploring hybrid models, blending supplier partnerships, AI upskilling for existing staff, and external contractors for specialist tasks.
Despite these challenges, data engineer and AI product owner roles are being prioritised over traditional software engineering in hiring plans.
Cost scrutiny and the six-month ROI rule
Even among innovation-hungry firms, budget caution rules the day. One enterprise leader summed up the challenge:
“Every AI project has to show ROI in six months or less, unless it’s absolutely critical tech debt.”
To meet this demand, several firms have adopted “MVP-led transformation”, rolling out small-scale tools, measuring outcomes obsessively, and expanding only where value is proven.
- One group identified 50 credible AI use cases from a campaign of 100 employee-generated ideas, prioritising only the most scalable.
- Another is leveraging Microsoft funding and MVP grants to de-risk experimentation.
The lesson: tactical wins now unlock future strategy.
Culture, not code, remains the key barrier
Technology isn’t the blocker, mindset is. Across every sector, leaders reported cultural inertia, risk aversion, and legacy mentalities as the biggest barriers to progress.
- One council leader confessed: “Our directors are terrified of court costs if AI goes wrong.”
- A retail security chief noted: “Even small changes, like switching authentication protocols—trigger months of resistance.”
- Legal teams in some firms are ordering staff to leave meetings where AI transcription is used.
To combat this, CIOs are leaning into employee engagement campaigns, “innovation sandboxes,” and cross-departmental taskforces that bring AI down to a human level.
Summary of investment priorities
From these discussions, the clearest areas of IT investment priority across large UK organisations are:
- Data management platforms – Data lake architecture, metadata tagging, single source of truth initiatives.
- AI for efficiency, not disruption – Document automation, risk analytics, transcription, contact centre assistants.
- Governance and policy frameworks – AI usage policies, legal review protocols, access control systems.
- Cybersecurity enablement – Distributed security awareness, automated defence layers, phishing simulations.
- Workforce transformation – Upskilling, AI adoption training, recruitment of AI/data specialists.
- Low-risk innovation pilots – MVP-led AI initiatives, hackathons, cross-functional use case evaluations.