UK’s AI ambitions pointless while cyber security is still neglected

The UK’s AI ambitions may be at considerable risk without stronger cyber defences across the private and public sectors

With only 13% of UK organisations charitably described as “resilient” to cyber crime, the country’s ambitious plans to become a global superpower in the field of artificial intelligence (AI) will come to nothing unless cyber security is taken more seriously, according to the Mission critical: Unlocking the UK AI opportunity through cybersecurity report, published by Microsoft.

Microsoft teamed up with researchers from Goldsmiths, University of London to benchmark the state of cyber security across the UK’s private and public sectors. The resulting report described 48% of UK organisations as vulnerable to cyber attacks and an additional 39% as being at high risk, based on self-reported performance against a new model of resilience developed by Chris Brauer, director of innovation at Goldsmiths Institute of Management Studies (IMS).

Overall, the resulting report acknowledges the UK is a global leader in cyber security and performs strongly against current international indices, but warns that as threat actors increasingly adopt AI technology in the service of enhancing aspects of their cyber attacks, organisations would do well to “fight fire with fire” and deploy AI themselves to bolster their defences. Brauer estimated that there could be a £52bn annual dividend in it for the UK economy, cutting the annual cost of cyber attacks from £87bn.

“The UK has phenomenal potential to lead the world in the use of AI – an unprecedented opportunity to supercharge our economy and transform our public services,” said Brauer.

“But that future must be built on secure foundations. To become an AI superpower, the UK must maintain its position as a cyber security superpower. With so many organisations shown to be vulnerable to cyber crime, our research surfaces both the urgency of the issue, and useful actions that leaders can take to boost the country's cyber resilience.”

Microsoft UK security business group director Paul Kelly added: “Cyber criminals, some armed with the resources of a nation state, are tooling up with AI to increase the sophistication and intensity of their attacks. This research outlines 52 billion reasons for organisational leaders to fight fire with fire.

“The same AI technologies can help leaders better secure their organisation and tip the balance back in their favour. AI has the potential to make your business and data more secure, but also, if a cyber attack were to occur, to lessen the impact on your bottom line.”

Read more about AI in cyber security

  • After a year being previewed by beta customers, Microsoft’s much vaunted Copilot for Security service is about to go on general release, promising time savings and improved accuracy for hard-pressed security pros.
  • AI holds great promise when it comes to securing valuable, and vulnerable, data, but security teams face some challenges if they are to get the best out of it, writes IBM’s Christopher Meenan.
  • The NCSC and its US counterpart CISA have brought together tech companies and governments to countersign a new set of guidelines aimed at promoting a secure-by-design culture in AI development.

Those that have already begun to incorporate AI-backed cyber offerings into their defensive playbooks may already be reaping the benefits, as the research appeared to show they had on average twice the resilience to cyber incidents as those who did not do so.

Fortunately, a majority of security decision-makers and security professionals appeared to already be on board with the report’s findings, with over half seeing a lack of robust protection as a threat to economic growth in the UK, and two-thirds agreeing that the country needs stronger cyber security defences if it is to meet its wider AI goals.

Next steps

The report goes on to set out five opportunities for the UK to maintain its existing cyber superpower status:

  • Support and facilitate mainstream adoption of AI in cyber, while working to inspire more creative approaches to security challenges;
  • Target prioritised and precise investment and encourage organisations to focus on buy-and-build or off-the-shelf configurations;
  • Use nationally incentivised skills programmes, on-the-job training, and make better use of partnerships with academia to cultivate more talent;
  • Invest in more public-private research and development partnerships and support innovative AI entrepreneurs, at the same time incorporating learnings from cyber incidents into cross-industry alliances for preparedness;
  • Do more to support simple and safe adoption of AI-enabled cyber services, working across sectors on outcomes-based guidance that aligns to current and future international standards.

Read more on Business continuity planning