Despite rising awareness of AI as a major risk, many UK businesses remain underprepared to manage its challenges, exposing them to security breaches, regulatory penalties and operational disruption. New research from cybersecurity consultancy CyXcel reveals that while nearly a third of UK firms rank AI among their top three risks, a similar proportion lack formal AI governance policies, and many are only just beginning to address the issue.
The study found that 18 percent of UK and US companies are unprepared for threats like data poisoning, where attackers manipulate training data, and 16 percent are vulnerable to deepfakes or identity cloning. These emerging risks underscore the need for stronger oversight and pre-emptive action.
To support businesses, CyXcel has launched a Digital Risk Management platform offering guidance on AI risk identification and governance. Chief Product Officer Megha Kumar said firms want to adopt AI but are held back by the absence of policy frameworks. CEO Edward Lewis highlighted the growing complexity of cybersecurity regulation, including new UK ransomware reporting laws and the EU’s Cyber Resilience Act.
This private sector response complements recent government moves. In November 2024, the UK launched a national AI safety platform, providing tools for impact assessments and bias detection. Science and Technology Secretary Peter Kyle said the initiative supports responsible AI adoption and could unlock a £28 billion fiscal headroom through a projected 5 percent productivity boost.
The UK joins the US and EU in advancing AI regulation, but experts stress that legislation must be backed by public and private investment in computing power and talent to maintain competitiveness. The Social Market Foundation has called for coordinated funding to develop the UK’s AI assurance capabilities.
A government report published this year warns that traditional security methods are inadequate for AI’s complex risk landscape. It maps vulnerabilities across the AI lifecycle and calls for a holistic approach to design, deployment and maintenance.
Market dynamics add another layer of concern. The Competition and Markets Authority has warned about the dominance of six tech giants—Google, Microsoft, Meta, Amazon, Apple and Nvidia—in the AI sector, citing risks to competition and consumer choice. CMA Chief Executive Sarah Cardell stressed the challenge of managing AI’s benefits while curbing harmful market imbalances.
Businesses are being urged to adopt robust governance frameworks that include leadership accountability, risk assessments and staff training. Legal experts also highlight risks around intellectual property and GDPR compliance. The Information Commissioner’s Office has already taken action against firms mishandling personal data in AI systems.
While the UK is building momentum around responsible AI, the gap in business readiness remains a key concern. Closing it will require stronger governance, investment and regulatory agility to turn AI risks into long-term opportunities for economic growth and innovation.
Created by Amplify: AI-augmented, human-curated content.
