British businesses will benefit from a world-first cyber security standard which will protect AI systems from cyber-attacks, securing the digital economy.
- British businesses will benefit from a world-first cyber security standard which will protect AI systems from cyber-attacks, securing the digital economy
- Security measures will unlock AI's potential to transform public services and boost productivity as part of the government's Plan for Change
- New global coalition to tackle worldwide cyber skills shortage and strengthen security expertise
Companies developing AI - from consumer apps to systems underpinning public services - will be able to better protect themselves from growing cyber security threats under steps set out by the UK government.
The steps announced today under a new Code of Practice will give businesses and public services the confidence they need to harness AI's transformative potential safely - supporting the government's Plan for Change as the technology drives forward improvements to public services, turbocharges productivity, and drives growth across the economy.
With cyber attacks or breaches affecting half of businesses in the last 12 months, safeguarding AI systems is crucial as adoption accelerates across the economy. The world leading Code of Practice pioneered by the UK, equips organisations with the tools they need to thrive in the age of AI. From securing AI systems against hacking and sabotage, to ensuring they are developed and deployed in a secure way, the Code will help developers build secure, innovative AI products that drive growth and fuel the Plan for Change.
It sets out how organisations using AI can protect themselves from a range of cyber threats such as AI attacks and system failures. This can include steps such as implementing cyber security training programmes which are focused on AI vulnerabilities, developing recovery plans following potential cyber incidents, and carrying out robust risk assessments.
The voluntary Code of Practice will form the basis of a new global standard for secure AI through the European Telecommunications Standards Institute (ETSI) - a major step which cements the UK's position as a world leader in safe innovation. With the UK AI sector generating £14.2 billion in revenue last year, these standards will help maintain growth while protecting critical infrastructure - building on the work of the AI Opportunities Action Plan .
Minister for Cyber Security Feryal Clark MP said:
The UK is leading the way in setting global benchmarks for secure innovation, ensuring AI is developed and deployed in an environment that protects critical systems and data which are central to delivering our Plan for Change.
This will not only create the opportunities for businesses to thrive, secure in the knowledge that they can be better protected than ever before but support them in delivering cutting-edge AI products that drive growth, improve public services, and put Britain at the forefront of the global AI economy.
The UK government has also published today an implementation guide for the Code, to support businesses as they shore up their cyber defences by providing a one-stop shop which brings together guidance and key steps to follow. AI represents a generation-defining technology which is central to the government's Plan for Change - holding incredible potential to transform public services, boost productivity and rebuild our economy.
NCSC Chief Technology Officer Ollie Whitehouse said:
It is vital that we harness the transformative potential of AI securely so that our society can reap the benefits of new technologies without introducing avoidable vulnerabilities and cyber risks.
The new Code of Practice, which we have produced in collaboration with global partners, will not only help enhance the resilience of AI systems against malicious attacks but foster an environment in which UK AI innovation can thrive.
The UK is leading the way by establishing this security standard, fortifying our digital technologies, benefiting the global community and reinforcing our position as the safest place to live and work online.
Building on this position of global leadership in cyber security, the UK has also spearheaded the launch of a new International Coalition on Cyber Security Workforces (ICCSW), alongside founding partners including Japan, Singapore, and Canada. The coalition - which emerged from the UK-led Wilton Park Summit in September 2024 - will help countries work together to tackle cyber threats and address the global cyber skills gap.
This new partnership will strengthen international cooperation on cyber security, breaking down barriers to career progression and increasing diversity in the sector. Current estimates show that supporting cyber skills will boost the £11.9 billion cyber security industry which will in turn help to drive growth in the British economy.
The UK is moving full steam ahead with plans to bolster our online defences through a new Cyber Security and Resilience Bill which was unveiled in last summer's King Speech. Ahead of that legislation's introduction, the government is also publishing its response to the Cyber Governance Code of Practice of today. In its response, the government warns that despite the massive disruptions cyber incidents can cause, boards and senior leaders often struggle to engage in cyber issues due to a lack of understanding, training, or time - making it more pressing than ever to ensure all sectors of the UK economy have the tools they need to address cyber threats.
To address this problem, DSIT has developed the Cyber Governance Code of Practice in collaboration with the National Cyber Security Centre and industry experts. The Code provides clear actions for directors to manage cyber risks effectively, enabling businesses to harness new technologies while building resilience. The government's response outlines improvements to the Code based on extensive feedback, with the updated version set to be published in early 2025.
Notes
The Code has been developed in close collaboration with NCSC and a range of external stakeholders. See call for views response f
