-optimized.jpg){kind=avatar}
Take cyber security seriously, at the very top of your organisation, two Government ministers have urged in an open letter to business leaders about AI and cyber threats.
If your board has not recently discussed cyber risk, do so at your next meeting and then regularly, say science minister Liz Kendall and Home Office security minister Dan Jarvis. “This is not an issue to delegate to your IT team and forget about,” they add.
The occasion for the unusual announcement is that AI firm Anthropic announced a new model called Mythos. Testing by the UK Science, Innovation and Technology (DSIT) AIย Security Institute (AISI) – a body for evaluating the capabilities of Frontier AI – ‘has found it to be substantially more capable at cyber offence than any model we have previously assessed’, the ministers say. Hence their urging that businesses take up the official Cyber Essentials certification scheme; and follow UK official National Cyber Security Centre (NCSC) free advice. For the open letter visit www.gov.uk.
This follows a campaign launched in February by DSIT with the NCSC to boost take-up of Cyber Essentials, to get basic ‘cyber hygiene’ right, given that many cyber incidents exploit basic weaknesses such as unpatched software.
Comments
Charlotte Wilson, head of enterprise for the UK and Ireland at the software firm Check Point, described it as a wake-up call businesses can’t afford to ignore. She said: “AI is making attacks more advanced, more personalised and far easier to execute at scale, and it’s not just critical infrastructure that’s in the crosshairs. Attackers go where defences are weakest. What’s important to recognise here is that this is a dual responsibility. The government has been clear that it wants industry to lean in as it shapes regulation. It doesn’t want rules that stifle innovation, but it does need them to be agile and adaptive. That means businesses can’t sit on the sidelines. The government is actively asking for intel from organisations, and those conversations matter.
“There’s also a very direct economic argument here. When we saw the major supply chain breaches of last year, attacks that were made more sophisticated and more damaging because of AI, the impact didn’t stay with the businesses affected. It rippled out. Rachel Reeves herself cited the JLR breach during the May statement as having a measurable drag on business growth and GDP. When you look at the scale of some of these breaches, and we’re talking figures in the billions, and then factor in the bailouts and recovery costs that follow, that burden ultimately falls on the taxpayer. So yes, the government has a role in holding businesses to account, but the framework has to be flexible enough for businesses to remain productive, effective and innovative, because a growing economy is what funds everything else. This only works if both sides show up.
“That’s something I actively try to do as a business leader – act as a bridge between government and industry. The reality is that expertise lies within the verticals themselves. The people who truly understand the cyber risk facing financial services, healthcare, or critical infrastructure are the ones operating in those sectors every day. The government can set the direction, but it needs that ground-level intelligence to get regulation right. That collaboration isn’t just a nice-to-have but central to whether any of this actually works.โ
And Jamie Akhtar, CEO and co-founder of CyberSmart, said that organisations with weak security postures are increasingly exposed. “Thatโs why fundamentals like patching, access controls and logging matter more than ever, and why government-backed certifications give essential confidence that these basics are in place for organisations and their customers.โ
