Cyberattacks regularly make headlines in the news. These crimes affect high-profile businesses including retailers, banks as well as individuals. Ian Stuart, until recently the head of the UK arm of HSBC, announced that the bank is “being attacked all the time” by online criminals, with cybersecurity now its biggest expense, costing the lender hundreds of millions of pounds.
The National Crime Agency states that cyberattacks are financially devastating and disrupting to both people and businesses. They undermine the economic stability of the UK and cost the UK economy millions of pounds each year.
Not all cyberattacks are financially motivated. Some are for espionage, and/or operational disruption motives. On 19th January 2026 the UK’s National Cyber Security Centre (NCSC) – a part of GCHQ – warned of Russian aligned ‘hacktivist’ groups continuing to target UK organisations with disruptive cyberattacks.
The progression of AI is expected to lead to an increase in frequency and intensity of cyber threats. The NCSC states that, AI will almost certainly pose cyber resilience challenges to 2027 and beyond, across critical systems and economy and society. These will range from responding to an increased volume of attacks, managing an expanded attack surface and keeping pace with unpredictable advancements and proliferation of AI-cyber capability.
In addition to using AI to carry out cyberattacks, the use of AI technology connected to company systems, data, and operational technology for tasks leaves any company or organisation using AI technology at risk. It is therefore crucial for any organisation to maintain up-to-date cyber security measures on their AI systems and their dependencies. Whilst AI offers great potential for efficiency and creativity, organisations are strongly encouraged to follow the NCSC’s guidance on deploying AI tools securely, and to protect themselves from cyber threats. In addition the NCSC has developed a minimum standard of cyber security called Cyber Essentials. The self-certification scheme is aligned to five technical controls designed to prevent the most common internet based cyber security threats.
