A report, presented by Chancellor of the Duchy of Lancaster Pat McFadden at the National Cyber Security Centre’s (NCSC) CYBERUK conference, highlighted that AI will enhance the efficiency and effectiveness of cyber intrusion activities. The report forecasts that by 2027, AI-enabled tools will likely improve the capabilities of threat actors in exploiting known vulnerabilities. The current interval between vulnerability disclosure and exploitation, already brief, is expected to become even shorter due to AI advancements, posing significant challenges for network defenders.
“Today we are declassifying an intelligence assessment that shows AI is going to increase not only the frequency but the intensity of cyberattacks in the coming years,” said Pat McFadden. He emphasised the importance of evolving security systems to keep pace with adversarial tactics.
UK infrastructure faces increased cyber risks with growing AI integration
The report also highlights the expanding use of AI models and systems within the UK’s technological infrastructure, particularly in critical national sectors with insufficient cybersecurity measures. This trend is likely to increase the attack surface, providing more opportunities for adversaries. As AI becomes more integrated into business operations, organisations are urged to strengthen cyber resilience to counter AI-driven threats, according to the report. Integrating AI and connected systems into existing networks requires a renewed focus on fundamental security practices.
“We know AI is transforming the cyber threat landscape, expanding attack surfaces, increasing the volume of threats, and accelerating malicious capabilities, said NCSC operations director Paul Chichester. “While these risks are real, AI also presents a powerful opportunity to enhance the UK’s resilience and drive growth, making it essential for organisations to act. Organisations should implement strong cybersecurity practices across AI systems and their dependencies and ensure up-to-date defences are in place.”
To assist organisations in enhancing their security measures, the NCSC has published resources such as the Cyber Assessment Framework and 10 Steps to Cyber Security. The report also notes that in the rush to develop new AI models, developers may prioritise speed over comprehensive cybersecurity, increasing risks from state-linked actors and cybercriminals. British companies, public organisations, and institutions have faced numerous cyberattacks in recent years, resulting in significant financial losses and operational disruptions.
Recently, British retailers Marks & Spencer, the Co-op Group, and Harrods have experienced cyberattacks, with M&S still unable to process online clothing orders.
Earlier this year, the UK government introduced the AI Cyber Security Code of Practice, developed by the NCSC and the Department for Science, Innovation and Technology (DSIT), to guide organisations in securely developing and deploying AI systems. This Code of Practice is set to become the foundation for a new global standard for secure AI through the European Telecommunications Standards Institute (ETSI).
Read more: UK introduces Cyber Governance Code of Practice for board-level cyber risk oversight
