Recent statistics indicate that in the past year, 50 per cent of businesses and 32 per cent of charities experienced cyber breaches or attacks, with phishing being the most common type of breach
The UK government has introduced two new codes of practice aimed at enhancing the cybersecurity of AI models and software. These guidelines are designed to help developers protect their products from tampering, hacking, and sabotage, thereby boosting confidence in the use of AI across various industries. This move is expected to help businesses improve efficiencies, drive growth, and spur innovation.
Recent statistics indicate that in the past year, 50 per cent of businesses and 32 per cent of charities experienced cyber breaches or attacks, with phishing being the most common type of breach. The new codes aim to guide developers on building secure software to prevent incidents like the 2023 Move IT software attack, which compromised sensitive data in thousands of organisations worldwide.
Technology Minister Saqib Bhatti emphasized the importance of a safe digital environment, stating, “We have always been clear that to harness the enormous potential of the digital economy, we need to foster a safe environment for it to grow and develop. This is precisely what we are doing with these new measures, which will help make AI models resilient from the design phase.”
The announcement coincides with the release of the annual Cyber Sectoral Analysis Report, which shows a 13 per cent growth in the UK cyber security sector over the past year. The sector is now valued at nearly £12 billion, comparable to industries like automotive. The report also highlights an increase in the number of cyber security firms in the UK in 2023, which strengthens the country’s resilience to cyber attacks and supports sustainable economic growth.
NCSC CEO Felicity Oswald highlighted the importance of integrating cyber security into digital development, stating, “To make the most of the technological advances which stand to transform the way we live, cyber security must be at the heart of how we develop digital systems. The new codes of practice will help support our growing cyber security industry to develop AI models and software in a way which ensures they are resilient to malicious attacks. Setting standards for our security will help improve our collective resilience and I commend organisations to follow these requirements to help keep the UK safe online.”
These measures are seen as crucial for new businesses in the digital age, ensuring a commitment to cyber security, safeguarding users’ personal data, and fostering global alignment for enhanced cyber resilience. According to the UK government, the AI cyber security code is intended to form the basis of a future global standard.
Rosamund Powell, Research Associate at The Alan Turing Institute, commented on the new guidelines, saying, “AI systems come with a wide range of cyber security risks which often go unaddressed as developers race to deploy new capabilities. The code of practice released today provides much-needed practical support to developers on how to implement a secure-by-design approach as part of their AI design and development process.”
Powell added that the plans for this code to form the basis of a global standard are essential, given the role international standards play in addressing AI safety challenges through global consensus. She noted the importance of inclusive and diverse working groups, along with incentives and upskilling, to ensure the success of such global standards.
