Over half of UK business leaders report that they are not fully prepared for more advanced AI-enabled cyber threats, according to a survey of 500 UK business leaders.
The survey indicates that cyberattacks are increasing, with 54% of respondents reporting a rise compared to 45% two years earlier. Despite this, more than half of businesses say they are uncertain about their ability to defend against attacks involving AI.
The findings highlight the role of AI in changing the nature of cyber threats. While AI can be used to support cybersecurity, it is also being used to develop more complex attacks. At the same time, 42% of respondents view AI as a positive development, although its use remains limited in some organisations.
Adoption levels vary. While 69% of respondents report using AI in their cybersecurity approaches, 26% say they have not yet adopted it. This comes as attackers increasingly use AI to carry out more sophisticated and scalable attacks.
Email continues to be a common attack vector. A total of 57% of respondents identify phishing as their primary concern, including AI-assisted phishing campaigns that generate more targeted and personalised messages. In addition, 40% express concern about the use of deepfake technology, both in cyberattacks and in the spread of misleading or manipulated content.
Despite these challenges, many organisations report benefits from using AI in cybersecurity. Nearly two-thirds of respondents say they have used AI to help respond to cyber threats within the past year. As a result, 91% plan to invest in AI technologies in the coming years. However, many also report concerns about whether their teams have the necessary skills to manage AI-related risks.
Respondents widely expect AI to play a larger role in cybersecurity going forward. This includes integrating AI into security strategies, alongside ongoing staff training and, in some cases, the use of external service providers.
The findings also indicate that organisations are balancing investment in technology with the need to develop internal capabilities, including workforce skills, to address evolving cyber threats.
