A report from Microsoft and Goldsmiths at the University of London has found that only 13% of UK businesses are resilient to cyber attacks, with 48% considered vulnerable and the remaining 39% facing high risk.
A survey of 1,039 senior business decision-makers and 1,051 employees revealed that the majority of UK organizations lacked adequate cybersecurity tools or processes. Microsoft warned that this left 87% of organizations exposed to security threats at a time when bad actors were using AI to launch more sophisticated attacks (Figure A).
Figure A
Highlights from Microsoft and Goldsmiths research
|
The UK fails to live up to its “AI superpower” title
According to the report, titled Mission critical: unlocking the UK AI opportunity through cybersecurityCyberattacks currently cost the UK approximately £87 billion ($111 billion) each year.
The report's authors argued that UK businesses' lack of resilience to cyberattacks contradicted the country's ambition to become a global leader in artificial intelligence, symbolized by the signing of the Bletchley Declaration in November 2023 and the National AI Strategy in 2021, an ambitious ten-year plan that seeks to promote AI in business and attract international investments.
SEE: Cyber League: UK NCSC calls on industry experts to join its fight against cyber threats
Microsoft UK CEO: British organizations must be prepared to fight fire with fire
In the study, 52% of security decision makers and 60% of senior security professionals expressed concern that current geopolitical tensions could increase cybersecurity risks for their organizations.
As a result, more than half (55%) saw inadequate protection as a potential threat to the UK's economic expansion, while around two-thirds (69%) recognized the need for better cybersecurity defenses to achieve the UK's ambition. United to globally lead AI.
Meanwhile, Microsoft recently committed £2.5 billion ($3.2 billion) to expand its artificial intelligence capabilities in the UK as part of its plans to boost the country's AI sector.
In a foreword to this new report, Claire Barclay, Microsoft's UK chief executive, said the UK could only meet its AI aspirations if businesses invested in cybersecurity processes and updated their security toolsets so that coincided with those of the bad actors.
“Just as businesses and governments are eager to harness the potential of AI, so are bad actors. Traditional complementary security solutions can no longer keep pace with the threat posed by cybercriminals, meaning UK organizations must be prepared to fight fire with fire,” Barclay said.
“Unless we arm ourselves with AI-based cyber defenses that are stronger than AI-based cyber threats, it will be difficult, even impossible, for us to grow and ultimately prosper as a nation.”
SEE: Definition of generative AI: how it works, benefits and dangers
How AI boosts cybersecurity capabilities
Paul Kelly, director of Microsoft UK's Security Business Group, said in the report that the right AI technologies could increase companies' ability to detect and mitigate cybersecurity threats by automatically identifying complex patterns and anomalies that human analysts they could be overlooked.
“AI for Cybersecurity uses AI to analyze and correlate cyber threat data across multiple sources, turning it into clear, actionable insights. Security professionals can use this knowledge to conduct further investigations, responses and reports,” Kelly said.
“If a cyberattack meets certain criteria defined by an organization's security team, AI can also automate the response and isolate affected assets. “Generative AI goes a step further by producing original natural language text, images and other content based on patterns in existing data.”
Potential financial benefits of AI-enhanced cybersecurity for UK businesses
The report highlighted the potential benefits of AI-enhanced cybersecurity.
For businesses of various sizes, a typical cyber attack costs £20,700 ($26,300 USD), while larger organizations face an average cost of £148,700 ($189,800 USD). However, companies that implemented AI-based cybersecurity tools saw this spend decrease to £16,600 ($21,200 USD), representing a 20% cost reduction. The report attributed this to the ability of AI security tools to more quickly identify and react to cyber threats.
The six dimensions of an effective Al defense
Understanding current cybersecurity capabilities is crucial for companies looking to improve their defenses against AI threats.
Goldsmiths researchers developed an assessment model based on six key areas to evaluate the cybersecurity strategies of UK organizations (Figure B):
- Resources.
- Agility, AI and automation.
- R&D&ie innovation.
- Transparency and technical knowledge.
- Organizational acceptance.
- Confidence and mentality.
Figure B
The model was designed to align with the criteria used in international benchmarks to establish robust cybersecurity measures. Based on this model, the report found that only a fraction of UK organizations could be considered resilient to the changing threats posed by AI.
Cyber awareness must be spread throughout organizations
The report also highlighted a gap in cybersecurity awareness among UK decision-makers.
Specifically, 27% are unaware of the costs associated with successful cyberattacks and 53% are unsure of recovery times from such incidents. This contrasts with a higher level of understanding among security professionals, indicating the importance of spreading cybersecurity awareness throughout organizations.
Likewise, the study highlighted a notable difference of opinion when it comes to the risks posed by Internet of Things devices: 38% of senior security professionals said they were concerned about the IoT, compared to 12% % of decision makers. This suggests that improving knowledge about cybersecurity risks and mitigation strategies is critical for organizations, according to the report.
A five-step plan for better cybersecurity using AI
The report offered a plan for government and business leaders designed to build resilient cyber defenses and use AI effectively. Here are five key steps to guide the development of strong protections while leveraging AI technology:
- Support the widespread adoption of AI in cybersecurity: Encourage rapid adoption of AI defenses and innovative cyber strategies.
- Target investment: Guide organizations toward targeted investments in AI solutions, whether customized or off-the-shelf.
- Cultivate talent: Leverage skills programmes, on-the-job training and partnerships to improve UK cybersecurity skills.
- Promote research and knowledge exchange: Invest in R&D partnerships and promote knowledge sharing on cyber attacks for better preparedness.
- Support simple and safe adoption: Collaborate with leaders from diverse sectors to provide clear, standards-aligned guidance for AI implementation.
SEE: UK deep tech faces major diversity challenge, according to Royal Academy of Engineering
In Press release Accompanying the report, Dr Chris Brauer, Chief Innovation Officer at Goldsmiths, said: “The UK has phenomenal potential to lead the world in the use of AI, an unprecedented opportunity to boost our economy and transform our services. public. But that future must be built on secure foundations.”
He added: “To become an AI superpower, the UK must maintain its position as a cybersecurity superpower. “With so many organizations proven vulnerable to cybercrime, our research highlights both the urgency of the problem and useful actions leaders can take to boost the country’s cyber resilience.”