In this issue of In Perspective, Jackie Barlow, Data Protection Senior Consultant at Xcina Consulting, discusses the questions every business should be asking. This month we look at Artificial Intelligence (AI) and the impact on cyber operations for business. We discuss the new 2024 Cyber Security Breaches Survey launched by the Department for Science, Innovation and Technology and finally, look at how organisations will need to adapt and manage how AI is used in relation to their business.
We take a look at why this is important and the implications for both businesses and individuals.
Find out more below.
How will AI impact cyber threats over the next 2 years? The NCSC sets out its assessment.
What happened
- The National Cyber Security Centre (NCSC) has produced a report on how AI will impact cyber operations and cyber threats over the next 2 years
- A global ransomware threat is expected to rise due to AI
- It is very likely that the volume and impact of cyber attacks will increase
- If the barrier of entry to novice cyber criminals, hackers and hacktivists is lowered, AI will allow relatively unskilled threat actors to carry out more effective access and information gathering operations
- Enhanced access combined with the improved targeting of victims afforded by AI, will contribute to the global ransomware threat in the next 2 years
- The government has invested £2.6bn within its Cyber Security Strategy to improve the UK’s resilience
- In November 2023, the Bletchley Declaration signalled a global effort to manage the risks of AI and to ensure its safe and responsible development
Why it matters
- The NCSC is urging organisations and individuals to implement protective measures early when planning to use AI
- Where personal data is involved in a new AI project, a data protection impact assessment must be completed as a first step
- AI is already being used in malicious cyber activity and will almost certainly be responsible for an increase in the volume and impact of cyber attacks including ransomware in the near term
- Ransomware continues to be the most acute cyber threat facing UK organisations
The full NCSC article can be seen at:
Global ransomware threat expected to rise with AI, NCSC warns – NCSC.GOV.UK
Further information on the Bletchley Declaration can be found at The Bletchley Declaration by Countries Attending the AI Safety Summit, 1-2 November 2023 – GOV.UK (www.gov.uk)
DSIT launches 2024 Cyber Security Breaches Survey
What happened
- On September 14th 2023 the Department for Science, Innovation and Technology (DSIT) launched its Cyber Security Breaches Survey 2024
- The survey will investigate the cyber security issues faced by UK businesses, educational institutions and charities
- DSIT stated that survey fieldwork would be carried out by Ipsos via telephone between Sept 2023 and Feb 2024
- Respondents will be asked about how they approach cyber security and about any data breaches or attacks experienced in the previous 12 months
- Participation in the survey is confidential and voluntary
- Survey participants are chosen randomly from a number of databases including the Market Location Business Database, the Charity Commission, ‘Get Information about Schools’ database and the NI Department of Education database among others
- DSIT said that senior individuals with the most cybersecurity knowledge or responsibility within the participant organisations, would be invited to take part
Why it matters
- This is the government’s annual survey which records experiences and impacts of cyber breaches and attacks on businesses, charities and educational institutions
- It’s part of the government’s National Cyber Strategy 2002
- The research will inform government policy on cyber security
Further information about the survey can be found at;
UK: DSIT launches 2024 cybersecurity breaches survey | News post | DataGuidance
The government provides a wide range of free cyber security guidance and information including free online training at Cyber security guidance for business – GOV.UK (www.gov.uk)
How responsible must senior managers be, when they plan to use AI?
What happened
- AI presents many opportunities and is expected to have a positive impact on financial services in particular
- Generative AI is expected to lead to increases in productivity of between 2.8% and 4.7% of banks’ annual revenues*
- Individuals (customers and employees) are however, concerned that this technology is opaque and they don’t fully understand it and how it will affect them
- For now, firms are under pressure to use AI more in their business and they must act quickly when using third party products for AI services, to secure these services
- Senior management must, however, ensure the corresponding data governance and risk management process is robust
- Technology might be cutting edge, but the risks are the well-known and must be taken into account
- The UK Prudential Regulation Authority’s model risk management (MRM) principles for banks come into force in May 2024. These have been developed with AI models in mind.
- One of the 5 main principles is governance which includes an expectation that boards will challenge the outputs of AI models going forwards
Why it matters
- AI is transforming the economy worldwide
- Where financial services are enhanced or made more efficient using AI, it is still crucial that customer outcomes stay the same and regulators will expect the same levels of compliance
- Senior management must fully understand their organisations’ use of AI, to have valid oversight of it and be able to challenge it appropriately
- They cannot regard themselves as ‘technology neutral’ but must fully engage with AI
* Economic potential of generative AI | McKinsey
Further information
The ICO produced the article below in June 2023, in which it called for businesses to address the privacy risks that generative AI can bring before rushing to adopt the technology