UK Cybersecurity – AI Risk Meets AI Opportunity

The UK faces a critical moment as AI integration brings both vast opportunities and daunting challenges.

As the nation grapples with the complexities of safeguarding digital infrastructure, the intersection of AI-driven innovations and cybersecurity imperatives demands a strategic approach to harnessing the potential while mitigating inherent risks.

Microsoft in conjunction with Goldsmiths, University of London released a major report into the state of cybersecurity in the UK – and the coming impact of AI attack vectors (and AI mitigation). It’s called ‘Mission Critical: Unlocking the UK – AI Opportunity Through Cybersecurity’.

With cyberattacks already costing UK organizations more than £87 billion each year, cybersecurity is front of mind for many. And so is the juxtaposed position of AI – in terms of opportunities, and threats. Most eye-watering perhaps, the research finds that ‘in the age of AI’ some 87% of UK organisations are vulnerable to cyberattacks - with only 13% considered as resilient to cybercrime.

The landmark Bletchley Declaration, signed by 28 countries in November 2023, warned of the risks associated with the capabilities of AI models. But, and here’s such a key point: the Bletchley Declaration also commences with this phrase: “Artificial Intelligence (AI) presents enormous global opportunities: it has the potential to transform and enhance human wellbeing, peace and prosperity.”

So while cyberattacks are a significant risk – with AI (and GenAI) driving much of the new, emerging and ever converging risks – it’s also true that AI holds a lot of promise in terms of mounting stronger, more comprehensive and proactive cybersecurity defences. Supporting this, Microsoft outlines 5 core pillars to enhance the UK’s defences against AI enabled attacks, namely supporting widespread adoption, targeting investment, cultivating talent, fostering research and knowledge sharing, and taking a leadership position on AI governance.

UK Cybersecurity in Context

While the potential benefits of AI-powered cybersecurity are significant (increased resilience, reduced attack costs etc), UK organizations arguably lag in adoption. And this points to deeper concerns with the state of cybersecurity within the UK. A significant issue is the lack of awareness about the true costs of cyberattacks and especially recovery times. This underscores the need for cybersecurity responsibility to extend beyond IT and into the entire organization. Microsoft’s report divided UK organizations into three categories:

· Resilient (13%): Secure by design, using AI extensively for risk detection and response.

· Vulnerable (48%): Have basic defenses but need further investment and AI adoption.

· At High Risk (39%): Not prioritizing cybersecurity, lack sophisticated AI across the business.

It’s clearly a small proportion of organisations that fall into resilient category, and a large group that remains at high risk. The UK's National AI Strategy provides a helpful framework for organizations. Additionally, academic partnerships support businesses that may not have internal AI innovation capabilities. However, a worrying number of organizations remain unprepared for a cyber threat landscape that is escalating in scope, scale, sophistication and diversification in threats too. Key concerns like ethics and privacy must also be addressed alongside cybersecurity efforts.

In particular, decision-makers (49%) and security experts (70%) fear the increased use of AI poses risks to their organisation, whilst the majority of senior security professionals (60% and decision-makers (52%) fear that current geopolitical tensions will raise cyber risks to their organisation. There are interesting disparities between industries too, with technology companies (70%) & financial institutions (65%) reporting far ahead of retailers (26%) and education (29%).

Using AI to fight AI

The AI cybersecurity sector is set to be worth $135 billion by 2030. There’s a reason for that: the report suggests that organisations that use AI-enabled cybersecurity are twice as resilient to attacks as those that do not, while they also suffer 20% less costs when attacked.

In aggregate, the UK economy could save billions annually through the widespread adoption of AI-enabled cybersecurity. UK leadership needs to address skills gaps, upskill existing employees, and attract new tech-savvy talent. It also helps address challenges around data quality, alert prioritization, and security posture.

The push for UK businesses to adopt AI-powered cybersecurity is not just about money – it's about building a more robust security landscape and maintaining a global leadership position. Fusing cybersecurity and AI advancements is crucial for systems to self-correct and adapt to evolving threats.

While only a minority of UK organizations are considered truly resilient, there are clear steps business leaders can take to enhance the security of their organizations and contribute to the UK's growth – and implementing AI in terms of protecting against threats, is a key start.

Core Capabilities and Key Behaviours

Microsoft suggests that capabilities must be combined with behaviours. For cybersecurity, a strong defence relies on well-designed systems, clear procedures, and effective cybersecurity tools. Organizations need skilled cybersecurity professionals well versed in the AI aspects of cybersecurity, and equipped with a sufficient budget to invest in both protection and mitigation.

As cyber threats evolve with AI, organizations must also use AI to become more adaptable and automated in their defense and invest in research, development, and innovative AI-powered cybersecurity solutions, often through the support of external partners.

As for behaviours: organisations must foster a culture that embraces good cybersecurity governance and is receptive to innovative security approaches. That includes clear policies on responsible AI use and promoting knowledge sharing across the organization to build cybersecurity expertise.

Leadership must actively champion cybersecurity best practices and empower employees across all levels to contribute to a secure environment. Building trust, both internally and with external stakeholders, is essential for effective decision-making and optimal preparedness against cyber threats. The UK’s launch of the inaugural AI Safety Summit in late 2023 at Bletchley Park is a good example of cross-sector collaboration in action, especially regards AI risks at the frontier of development.

Next Steps for the UK

The UK has the potential to be a global hub for AI innovation and development. To achieve this goal, the nation must invest strategically to bolster its cybersecurity posture, particularly through the use of AI-enabled defenses.

According to Clare Barclay, CEO, Microsoft UK, “I know from my conversations with business and government leaders across the UK, that they are keen to use AI to help bolster their defence against cyberattacks. Doing so will not only help their operations, but also help attract future investment.”

Steps in Microsoft’s blueprint for success include leadership as the government must prioritize cybersecurity and support responsible AI development. That includes encouraging investment in cyber resilience, secure AI development, and sandboxing environments for testing.

There must be an effort to promote collaboration and knowledge-sharing between industry and government through public-private partnerships, open-sourcing, and threat awareness alliances.

Developing a skilled workforce is crucial, with the attraction and nurturing of cyber talent absolutely necessary to compete in the global landscape. Microsoft itself has already committed to invest £2.5Billion into the UK, to build and develop AI skills, datacentres and security. Finally, collaboration is vital for success: businesses, government, and academia must work together for stronger defenses, shared knowledge, shared responsibility and ultimately shared value too.

About the Author

A highly experienced chief technology officer, professor in advanced technologies, and a global strategic advisor on digital transformation, Sally Eaves specialises in the application of emergent technologies, notably AI, 5G, cloud, security, and IoT disciplines, for business and IT transformation, alongside social impact at scale, especially from sustainability and DEI perspectives.

An international keynote speaker and author, Sally was an inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations, and has been described as the "torchbearer for ethical tech", founding Aspirational Futures to enhance inclusion, diversity, and belonging in the technology space and beyond. Sally is also the chair for the Global Cyber Trust at GFCYBER.