Microsoft: 87% of UK Organizations Vulnerable to Costly Cyber-Attacks

Written by

Just 13% of UK organizations are resilient to cyber-attacks, with the remainder either vulnerable (48%) or at high risk (39%) of damaging cyber-incidents, according to a new report by Microsoft in collaboration with the University of London.

The tech giant said the lack of secure foundations harms the UK’s ambition of becoming an ‘AI superpower’.

Microsfot urged increased investment in AI technologies and solutions to tackle the growing weaponization of AI by cyber-threat actors.

UK Organizations Fail to Be Cyber-Resilient

The report defined resilient organizations as those that have implemented security-by-design across their networks. Additionally, they must be adopting AI security tools to enable them to detect and respond faster to threats.

Of the 48% of organizations categorized as ‘Vulnerable,’ the researchers said that while defensive systems and processes are in place, additional investment and support is required to build resilience. Only a few are using AI as a security tool.

Organizations considered ‘High Risk’ are those that have limited focus on cybersecurity, and mostly fail to use AI in their business at all.

UK organizations’ cybersecurity performance. Source: Microsoft
UK organizations’ cybersecurity performance. Source: Microsoft

The research also found that cyber-attacks could be costing UK organizations £87bn ($111bn) every year, and estimated that stronger cybersecurity could save the UK economy £52bn ($66bn) annually.

The majority of decision-makers (52%) and senior security professionals (60%) surveyed expressed concern that current geopolitical tensions will increase cyber risks to their organization.

Additionally, nearly three-quarters (70%) of senior security professionals said they feared the risks posed by AI to their organization, with this sentiment expressed by 49% of decision-makers.

Despite this concern, only 55% of organizations are prepared for cyber threats and just 43% have designated resources for cybersecurity-related events.

Less than half (49%) of these leaders claimed to understand the cybersecurity skills their workforce requires, and only 56% have offered cyber-awareness training to staff.

Almost a third (27%) of UK decision-makers admitted they do not know what cost a successful cyber-attack would have to their organization, while 53% do not know how long it takes to recover from one.

The Urgent Need to Leverage AI in Cybersecurity

The report estimated that businesses that incorporate AI into their security strategy might lower financial losses after a successful attack by 20%.

The average cost of incidents for organizations using AI in security was £16,600 ($21,156) which compares to £20,700 ($26,380) for those not using these tools.

The researchers calculated that organizations using AI in cyber defense could withstand an average of 254 successful attacks before the equivalent of their annual revenue is wiped out. This falls to just 106 attacks for organizations not deploying AI in this manner.

However, just 21% of organizations currently deploy AI in the detection of cyber vulnerabilities, and only 27% are using it specifically to strengthen their cyber defenses.

The report emphasized that AI offers UK organization an opportunity to tip the scales in their favor against cybercriminals.

Dr Chris Brauer, Director of Innovation at Goldsmiths, University of London, commented: “The UK has phenomenal potential to lead the world in the use of AI – an unprecedented opportunity to supercharge our economy and transform our public services. But that future must be built on secure foundations.

“To become an AI superpower, the UK must maintain its position as a cybersecurity superpower. With so many organisations shown to be vulnerable to cybercrime, our research surfaces both the urgency of the issue, and useful actions that leaders can take to boost the country’s cyber resilience.”

Microsoft Announces General Availability of Copilot for Security

On March 13, 2024, Microsoft announced that its Copilot for Security product will be generally available worldwide from April 1 following a the conclusion of its early access program for select customers.

The large language model (LLM) is designed to assist security teams in a variety of functions, including classifying and responding to incidents, report writing for investigations, and analyzing the organization’s internal and external attack surface.

Speaking on a Microsoft security briefing call on March 12, Andrew Conway, Vice President Security Marketing at Microsoft, said Conway revealed that the tech giant is currently in the process of embedding Copilot for security across the entire Microsoft security portfolio.

He observed that cybersecurity has emerged as the most serious use case for AI.

“We see our customers have traditionally faced a disadvantage versus threat actors, and this is a moment where we’re actually seeing organizations use generative AI to gain an advantage,” explained Conway.

What’s hot on Infosecurity Magazine?