
A new report by cybersecurity consultancy CyXcel finds that 29% of UK businesses questioned have only recently established their first AI risk strategy, and 31% still have no AI governance policy in place at all. Yet a third of businesses already know that artificial intelligence (AI) could be a threat to their cybersecurity.
This invisible gap in AI risk preparedness could expose companies to data breaches, business downtime, fines, and other pitfalls, says CyXcel. Some 18% of UK and US companies are not ready for AI data poisoning, a type of cyberattack on AI and machine learning (ML) systems that “trains” a model to behave a certain way by corrupting its training data. In addition, 16% lack a plan to mitigate cloning or deepfake threats.
AI Adoption vs. AI Anxiety
Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel, called it a “Catch-22.”
“Organizations want to use AI but are worried about the risks — and that risk will typically be fueled by a lack of policies and governance frameworks,” she said.
To mitigate these fears, CyXcel has built a Digital Risk Management (DRM) platform that it believes will allow businesses — including those which may not have a lot of tech resources — to navigate the digital risk landscape and utilize AI with knowledge and assurance.
End-to-End Risk Protection with CyXcel DRM
CyXcel’s DRM platform is an all-inclusive offering that draws on cybersecurity, legal, technical, and strategic expertise. Beyond enabling real-time risk management, it allows organizations to define governance and policies to minimize AI risks.
The DRM framework includes guides across:
- AI
- Cybersecurity
- Supply chain risks
- Geopolitics
- Regulation
- OT/IT
- Corporate responsibility
This guidance is accessible through a unified dashboard where users can see expert-validated advice and carry out recommended risk mitigation measures.
The platform derives its intelligence from codified legal and technical know-how, enabling users to monitor developments, gauge their potential impact, and stay aware of new risks. It also recommends ways to address threats and vulnerabilities so that users can better secure their digital posture.
Built for Regulatory Readiness
The DRM service includes a “full-spectrum dispute resolution and litigation service” that supports organizations in meeting regulatory requirements faster and with more certainty.
For industries operating under the strictest cybersecurity rules, CyXcel’s DRM is compliant across 26 areas, covering regulations such as the EU’s NIS2 and DORA (Digital Operational Resilience Act). These areas are the core infrastructure sectors designated as CNI (Critical National Infrastructure) in the US, UK, and EU.
Meeting the Evolving Cybersecurity Landscape
CyXcel CEO Edward Lewis stressed mounting international regulatory demands:
“Governments around the world are increasing security standards for critical infrastructure and sensitive data. For example, there are mandatory measures the EU has also included in its own Cyber Resilience Act, such as the requirement for automatic software updates and incident notification. The U.K. is additionally set to put new laws in place next year, with legislation expected on mandatory ransomware reporting and greater regulatory enforcement powers.”
CyXcel Faces the Same Dangers as Its Clients
Fascinatingly, CyXcel accepts that it is as susceptible to online threats as the companies it advises.
Legal and reputational risk: CyXcel’s clients are highly sensitive to compliance risks, so incorrect guidance from CyXcel would carry penal and reputational consequences.
That’s also why, at CyXcel, we emphasize: risk is not just advisory — it is personal. The company’s marketing materials highlight that CyXcel embraces the same risks as its clients and is dedicated to navigating them together.



