More than a third of UK businesses dangerously unprepared for AI risks, new research from CyXcel shows

Despite recognising Artificial Intelligence (AI) as a major threat, with nearly a third of UK organisations surveyed (30%) naming it among their top three risks, many remain significantly unprepared to manage AI risk.

Recent research from CyXcel, a global cyber security consultancy, highlights a concerning gap: nearly a third of UK businesses surveyed have only just implemented their first AI risk strategy (29%) - and 31% don’t have any AI governance policy in place.

This critical gap exposes organisations to substantial risks including data breaches, regulatory fines, reputational harm and critical operational disruptions, especially as AI threats continue to grow and rapidly evolve. CyXcel’s research shows that nearly a fifth (18%) of UK and US companies surveyed are still not prepared for AI data poisoning, a type of cyberattack that targets the training datasets of AI and machine learning (ML) models, or for a deepfake or cloning security incident (16%).

Responding decisively to these mounting threats and geopolitical challenges, CyXcel has launched its Digital Risk Management (DRM) Platform, which provides businesses with insight into evolving AI risks across all major sectors, regardless of business size or jurisdiction. The DRM helps organisations identify risk and implement the right policies and governance to mitigate them. Unlike conventional offerings, CyXcel’s DRM uniquely brings together cyber, legal, technical and strategic expertise that has been developed over decades working with companies across numerous sectors, and follows best practices.

Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel comments:

“Organisations want to use AI but are worried about risks - especially as many do not have a policy and governance process in place. The CyXcel DRM provides clients across all sectors, especially those that have limited technological resources in house, with a robust tool to proactively manage digital risk and harness AI confidently and safely.”

CyXcel’s DRM monitors threats to digital operations and provides deep insights and actionable strategies across seven categories - AI, Cyber, Geopolitics, Supply Chain, Technology (OT/IT), Regulation, and Corporate Responsibility, all via an online dashboard, aiding users to understand, minimise, transfer and manage digital risk. The DRM also supports businesses in deciding what digital solutions to adopt and how they can achieve and retain peak digital resilience.

The DRM Platform provides businesses with insight from both legal and technical experts allowing individual risk owners to get targeted visibility into risk intensity, key trends and emerging threats. Further, it gives advice as to how risk owners can manage those risks and align their investment in digital operations with their business goals.

Additionally, the DRM provides access to bespoke remediation services and advice bridging the gap between the executive, legal and technical teams. For example, CyXcel can help organisations develop AI governance policies as well as evaluate AI systems for security, privacy and technical vulnerabilities.

Traditional approaches treat risk management and compliance as separate tracks. CyXcel's DRM brings them together, reducing the burden of compliance across all digital risks. And if a regulatory investigation or enforcement action were to arise, companies can rely on CyXcel’s full-spectrum dispute resolution and litigation service - supporting organisations seamlessly from the boardroom to the courtroom if needed.

Especially for organisations that are mandated by strict regulations, the DRM can help clients ensure customer trust on data protection, safeguard executives against personal liability and protect against action by regulators. In particular, the DRM focuses on the 26 sectors that are obligated to comply with the EU’s NIS2 or DORA and are categorised as Critical National Infrastructure (CNI) in the US, UK or EU.

Edward Lewis, CEO, added:

“The cybersecurity regulatory landscape is rapidly evolving and becoming more complex, especially for multinational organisations. Governments worldwide are enhancing protections for critical infrastructure and sensitive data through legislation like the EU’s Cyber Resilience Act, which mandates security measures such as automatic updates and incident reporting. Similarly, new laws are likely to arrive in the UK next year which introduce mandatory ransomware reporting and stronger regulatory powers. With new standards and controls continually emerging, staying current is essential. CyXcel’s Digital Risk Management solutions are vital to helping organisations navigate and comply with these changes.”