Security

AI leaves 87% of UK organisations vulnerable to cyberattacks

Posted 18 March 2024

According to a new report released today by Microsoft in collaboration with Dr Chris Brauer at Goldsmiths, University of London, 87% of UK organisations are vulnerable to cyberattacks in the age of AI.

Above: Click here to download a pdf of the report Mission Critical: Unlocking the UK AI Opportunity Through Cybersecurity
Courtesy Microsoft UK

AI is the defining technology of our time. It dominates conversations in boardrooms, newsrooms and everywhere in between. It is driving positive impact, increasing productivity, and helping businesses supercharge their operations.

Yet just as businesses and governments are keen to tap into AI’s potential, so are bad actors. Traditional add-on security solutions can no longer keep pace with the threats posed by cybercriminals.

As the UK government has recognised – to lead in AI, you must first be able to trust the technology. Secure foundations will be critical for AI adoption. Encouragingly, the UK government has already taken a global leadership position on AI safety. Principles of privacy, safety, accuracy and security are central to the Bletchley Declaration and the country was ranked fourth in the National Cyber Power Index in 2022 and second in the Global Security Index.

Nonetheless, bad actors are leveraging AI to execute a higher number of more sophisticated and rapid attacks. The risk level is only going to increase and British organisations must be ready to fight fire with fire.

This is according to the report released by Microsoft in collaboration with Dr Chris Brauer at Goldsmiths, University of London - Mission Critical: Unlocking the UK AI Opportunity Through Cybersecurity - which states that in order for the UK to realise its ambition of becoming a global ‘AI superpower’, it must cement its position as a ‘cybersecurity superpower.’

The report points to work to be done, classing 89% of UK organisations as ‘Vulnerable’ to cyberattacks. This includes 39% who are in an even more precarious ‘At High Risk” state, based on self-reported performance against a new academic model of cyber resilience, developed by the research team.

However while the picture the report paints is troubling, it also identifies incredible opportunity. If we act now, we can supercharge the UK’s cybersecurity resilience and become a leading AI superpower.

The report features insights and surveys from over 1,000 senior leaders at UK private and public sector organisations, including 200 senior cybersecurity decision makers, as well as more than 1,000 employees across the country.

Fighting fire with fire
AI-powered cyberattacks can threaten supply chains, throw essential systems into disarray, or lead to leaks of sensitive data. Yet if AI manipulated by malevolent hands is a leading threat to the nation’s cybersecurity, responsibly deployed AI could also be our most critical defence.

AI can track and analyse cyber threats from multiple sources, enabling security professionals to respond as rapidly and smartly as possible. Where appropriate, AI can also mount an automatic response. Yet the report shows that just 27% of UK organisations are currently using AI to strengthen their cyber security. The rest are missing out, not just on the most robust form of defence but on a huge opportunity to develop their AI strategy.

Paul Kelly, Director of the Security Business Group at Microsoft UK, said: “Cyber criminals, some armed with the resources of a nation state, are ‘tooling up’ with AI to increase the sophistication and intensity of their attacks.

“This research outlines 52 billion reasons for organisational leaders to ‘fight fire with fire’. The same AI technologies can help leaders better secure their organisation and tip the balance back in their favour. AI has the potential to make your business and data more secure, but also, if a cyberattack were to occur, to lessen the impact on your bottom line.”

Saving £52 billion a year
Indeed, investing in AI-focused cybersecurity could render us not only stronger and safer as a nation but more economically secure. Cyberattacks currently cost the UK an estimated £87 billion every year, and such attacks are increasing in number and complexity. The report reveals that stronger cybersecurity could potentially save the UK economy £52 billion a year.

Furthermore, it suggests that businesses that incorporate AI into their security strategy might suffer 20% lower financial losses after a successful attack. AI-enabled cybersecurity has the potential to boost the UK economy for years to come – not least by allowing the UK to become a beacon state for safe, responsible AI, and in turn, becoming ever more attractive to investors.

Becoming an AI superpower
The AI leadership race is on, and the UK needs to be quick out the gate. In 2021 the government launched the National AI Strategy, an ambitious 10-year plan to make the country an 'AI superpower'. The aim is to boost AI in business, attract international investment and foster the next generation of tech stars – but for the UK to fulfil this promise, it should continue to place equal focus on its cybersecurity infrastructure.

Sixty-nine per cent of the decisionmakers who contributed to the report reported that the UK urgently needs stronger cybersecurity defences to become a global AI leader.

Providing a blueprint for AI and cyber success
While there is plenty in the report that might make us pause, it is just as much a call to action. It offers up an idealised model for government and business leaders to build resilient cyber defences and harness the opportunity of AI. There are five key focuses:

Support widespread adoption of AI in cybersecurity: Widespread facilitation of more rapid adoption of AI-enabled defences, while inspiring ever more creative cyber approaches among the nation’s security professionals.
Target investment: Investment must be prioritised and precise, with organisations encouraged to focus on buy-and-build configurations or off-the-shelf solutions.
Cultivate talent: The UK should use nationally incentivised skills programmes, on-the-job learning, and public-private partnerships with academic institutions to better cultivate UK talent. For its part, Microsoft announced a landmark £2.5 billion investment in data centres, AI skills and security in the UK late last year. Yet for the UK to unlock its true potential, the commitment to cyber security needs to be universal.
Foster research and knowledge sharing: Continue to invest in public/private R&D partnerships while supporting entrepreneurs to innovate on AI’s frontier. Learnings from cyberattacks should form the basis of nationwide, cross-industry alliances for cybersecurity preparedness, turning threat awareness into readiness and, ultimately, mitigation.
Support simple, safe adoption: Continue to work with business leaders across sectors—from healthcare to manufacturing, and from the military to finance — on simple, outcomes-based guidance, aligned to international standards, to encourage the safe and secure deployment of AI.

The blueprint outlined in the report offers a platform from which to drive forward, setting the stage for the UK and its organisations to attract top talent, accelerate innovation and take a genuine leadership position.

Dr Chris Brauer, Director of Innovation at Goldsmiths, University of London concluded: “The UK has phenomenal potential to lead the world in the use of AI – an unprecedented opportunity to supercharge our economy and transform our public services. But that future must be built on secure foundations. To become an AI superpower, the UK must maintain its position as a cybersecurity superpower. With so many organisations shown to be vulnerable to cybercrime, our research surfaces both the urgency of the issue and useful actions that leaders can take to boost the country’s cyber resilience.”