A report from Microsoft and Goldsmiths at the University of London reveals that only 13% of UK businesses are resilient to cyberattacks, with 48% considered vulnerable and the remaining 39% facing high risk.
A survey of 1,039 business decision-makers and 1,051 employees found that the majority of UK organizations do not have adequate cybersecurity tools or processes in place. Microsoft warned that this exposed 87% of organizations to security threats at a time when bad actors were using AI to launch more sophisticated attacks (Figure A).
Figure A
Microsoft and Goldsmiths Research Highlights
|
The UK is not living up to its title as an ‘AI superpower’
According to the report entitled Mission critical: unlocking AI opportunities in the UK through cybersecurityCyberattacks currently cost the UK around £87 billion ($111 billion) each year.
The report’s authors argued that the lack of resilience of UK businesses in the face of cyberattacks was at odds with the country’s ambition to become a global leader in AI, symbolized by the signing of the deal Bletchley’s statement in November 2023 and the National AI Strategy in 2021, an ambitious ten-year plan which aims to boost AI in business and attract international investment.
SEE: Cyber League: UK NCSC calls on industry experts to join its fight against cyber threats
Microsoft UK CEO: UK organizations must be prepared to fight fire with fire
In the study, 52% of security decision makers and 60% of senior security professionals expressed concern that current geopolitical tensions could worsen cybersecurity risks for their organizations.
As a result, more than half (55%) see inadequate protection as a potential threat to the UK’s economic expansion, while around two thirds (69%) recognize the need for better security defenses. cybersecurity to realize the UK’s ambition to become a world leader in AI.
Microsoft, for its part, recently committed £2.5 billion ($3.2 billion) to expand its artificial intelligence capabilities in the UK as part of plans to fuel the country’s AI sector.
In the foreword to the new report, Claire Barclay, CEO of Microsoft UK, said the UK could only meet its AI aspirations if businesses invested in cybersecurity processes and were upgrading their security toolkits to match those of bad actors.
“Just as businesses and governments are keen to harness the potential of AI, so are bad actors. Traditional add-on security solutions can no longer keep pace with the threat posed by cybercriminals, meaning UK organizations must be prepared to fight fire with fire,” Barclay said.
“Unless we arm ourselves with AI-based cyber defenses that are more powerful than AI-based cyber threats, it will be difficult, if not impossible, for us to grow and ultimately thrive as a nation. »
SEE: Definition of generative AI: how it works, benefits and dangers
How AI Strengthens Cybersecurity Capabilities
Paul Kelly, director of the Security Business Group at Microsoft UK, said in the report that appropriate AI technologies could enhance businesses’ capabilities to detect and mitigate cybersecurity threats by automatically identifying complex patterns and anomalies than human analysts. could be missing.
“AI for Cybersecurity uses AI to analyze and correlate cyber threat data from multiple sources, transforming it into clear, actionable insights. Security professionals can then use this information for further investigations, responses and reporting,” Kelly said.
“If a cyberattack meets certain criteria defined by an organization’s security team, AI can also automate the response and isolate affected assets. Generative AI goes even further by producing original text, images, and other natural language content based on patterns in existing data.
Potential financial benefits of AI-enhanced cybersecurity for UK businesses
The report highlights the potential benefits of AI-enhanced cybersecurity.
For businesses of varying sizes, a typical cyberattack costs £20,700 ($26,300), with larger organizations facing an average cost of £148,700 ($189,800). However, businesses implementing AI-based cybersecurity tools saw this spend decrease to £16,600 ($21,200), a 20% reduction in costs. The report attributes this to the ability of AI security tools to identify and respond to cyber threats more quickly.
The six dimensions of an effective defense against Al
Understanding current cybersecurity capabilities is crucial for businesses looking to improve their defenses against AI threats.
Goldsmiths researchers have developed an assessment model based on six key areas to assess the cybersecurity strategies of UK organizations (Figure B):
- Resources.
- Agility, AI and automation.
- R&D and innovation.
- Transparency and technical knowledge.
- Organizational membership.
- Confidence and mindset.
Figure B
The model was designed to align with criteria used in international benchmarks for establishing robust cybersecurity measures. Based on this model, the report reveals that only a fraction of UK organizations can be considered resilient to the evolving threats posed by AI.
Cybersecurity awareness must be widespread across all organizations
The report also highlighted a lack of cybersecurity awareness among UK decision-makers.
Specifically, 27% are unaware of the costs associated with successful cyberattacks, and 53% are unsure of recovery times after such incidents. This contrasts with a higher level of understanding among security professionals, indicating the importance of raising cybersecurity awareness across organizations.
Likewise, the study found a notable difference of opinion when it comes to the risks posed by Internet of Things devices: 38% of senior security professionals say they are concerned about IoT, compared to 12% of senior security professionals. decision-makers. This suggests that improving knowledge about cybersecurity risks and mitigation strategies is essential for organizations, the report said.
A five-step plan for better cybersecurity with AI
The report offers a blueprint for governments and business leaders designed to build resilient cyber defenses and use AI effectively. Here are five key steps to guide the development of robust protections while leveraging AI technology:
- Supporting widespread adoption of AI in cybersecurity: Encourage rapid adoption of AI-based defenses and innovative cyber strategies.
- Targeted investment: Guide organizations toward targeted investments in AI solutions, bespoke or off-the-shelf.
- Cultivate talents: Leverage skills programs, on-the-job training and partnerships to improve cybersecurity skills in the UK.
- Promote research and knowledge sharing: Invest in R&D partnerships and encourage information sharing from cyberattacks for better preparedness.
- Promote simple and safe adoption: Collaborate with leaders across various industries to provide clear, standards-aligned guidance for AI deployment.
SEE: UK Deep Tech faces major diversity challenge, says Royal Academy of Engineering
In A press release Accompanying the report, Dr Chris Brauer, Director of Innovation at Goldsmiths, said: “The UK has phenomenal potential to become the world leader in the use of AI, an unprecedented opportunity to boost our economy and transform our public services. But this future must be built on solid foundations.
He added: “To become an AI superpower, the UK must maintain its position as a cybersecurity superpower. With so many organizations vulnerable to cybercrime, our research highlights both the urgency of the problem and helpful steps leaders can take to strengthen the nation’s cyber resilience.