The UK’s ambition to become a ‘global AI superpower’ may be at risk as just 13% of the country’s organisations are classified as ‘Resilient’ to cyberattacks in a new report, published by Microsoft.
The research, developed by Dr Chris Brauer, Goldsmiths, University of London, in collaboration with Microsoft, benchmarks the state of cybersecurity within the UK’s businesses and public sector organisations. It describes 48% of UK organisations as ‘Vulnerable’ to cyberattacks, and a further 39% as ‘At High Risk’, based on self-reported performance against a new academic model of cyber resilience, developed by the research team.
The report acknowledges that Britain as a whole is leading the global field in cybersecurity, with strong performance in international indices. But as malicious actors around the world increasingly adopt AI to enhance cyberattacks, the report urges organisations to ‘fight fire with fire’ - use AI technologies to boost cyber defences. Doing so could deliver a £52 billion annual dividend to the UK economy, according to the research.
Based on surveys of over 1,000 senior leaders at UK private and public sector organisations, including 200 senior cybersecurity professionals, and 1,051 employees, the report, Mission Critical: Unlocking the UK AI Opportunity Through Cybersecurity, includes insights from leading British organisations, as well as prominent cybersecurity experts from across government, industry and academia.
Key findings include:
· Just 13% of UK businesses can be described as ‘Resilient’ to cybercrime.
· Organisations that use AI-enabled cybersecurity are twice as resilient to attacks as those that do not, and suffer 20% less costs when successfully attacked.
· Use of AI in cyber defence could save the UK economy £52 billion annually.
· 69% of decision-makers recognise that Britain will need stronger cybersecurity defences if it is to achieve its goal of international AI leadership.
· Report provides advice for the UK to maintain its momentum in international cybersecurity leadership, and practical steps for organisational leaders to boost cyber resilience.
Fighting fire with fire
The researchers found that organisations applying AI in cyber defence had twice the resilience to cyberattacks as those that are not. It also found the cost of a successful attack is 20% lower. If AI technologies were used widely and effectively in cybersecurity across the UK, the research estimates that it could reduce the annual cost of cyberattacks in the UK by £52 billion. This is down from the current £87 billion total cost to UK organisations.
Paul Kelly, Director of the Security Business Group at Microsoft UK comments: “Cyber criminals, some armed with the resources of a nation state, are ‘tooling up’ with AI to increase the sophistication and intensity of their attacks. This research outlines 52 billion reasons for organisational leaders to ‘fight fire with fire’. The same AI technologies can help leaders better secure their organisation and tip the balance back in their favour. AI has the potential to make your business and data more secure, but also, if a cyberattack were to occur, to lessen the impact on your bottom line.”
An ‘AI superpower’ must be a ‘cybersecurity superpower’
The majority of decision-makers (52%) and senior security professionals (60%) surveyed in the study fear that current geopolitical tensions will increase cyber risks to their organisation. Consequently, more than half (55%) see a lack of robust protection as a threat to the UK’s economic growth while two-thirds (69%) recognise that Britain will need stronger cybersecurity defences if it is to achieve its goal of international AI leadership.
In response, the report identifies 5 opportunities for the UK to maintain the country’s ‘cybersecurity superpower’ status, a pre-requisite identified by the research to becoming an ‘AI superpower’:
1. Support widespread adoption of AI in cybersecurity: Widespread facilitation of more rapid adoption of AI-enabled defences, while inspiring ever more creative cyber approaches among the nation’s security professionals.
2. Target investment: Investment must be prioritised and precise, with organisations encouraged to focus on buy-and-build configurations or off-the-shelf solutions.
3. Cultivate talent: The UK should use nationally incentivised skills programmes, on-the-job learning and public-private partnerships with academic institutions to better cultivate UK talent.
4. Foster research and knowledge sharing: Continue to invest in public/private R&D partnerships while supporting entrepreneurs to innovate on AI’s frontier. Learnings from cyberattacks should form the basis of nationwide, cross-industry alliances for cybersecurity preparedness, turning threat awareness into readiness and, ultimately, mitigation.
5. Support simple, safe adoption: Continue to work with business leaders across sectors—from healthcare to manufacturing, and from the military to finance — on simple, outcomes-based guidance, aligned to international standards, to encourage the safe and secure deployment of AI.
Dr Chris Brauer, Director of Innovation at Goldsmiths, University of London said: “The UK has phenomenal potential to lead the world in the use of AI - an unprecedented opportunity to supercharge our economy and transform our public services. But that future must be built on secure foundations. To become an AI superpower, the UK must maintain its position as a cybersecurity superpower. With so many organisations shown to be vulnerable to cybercrime, our research surfaces both the urgency of the issue, and useful actions that leaders can take to boost the country's cyber resilience."