Balancing cyber threats with innovation
As the UK’s Critical National Infrastructure (CNI) becomes increasingly digitised, the risk of cyberattacks is growing in both complexity and frequency. These evolving threats present significant challenges, but they also offer unique opportunities for innovation. Furthermore, the cyber security skills gap in the UK has been widely reported. A recent government report estimates that 44% of business have a basic skills gap in this area and 30% of cyber firms in 2024 have faced a problem with a technical skills gap in expertise.
The cyber threat landscape: challenges facing the UK’s CNI
The UK’s CNI – including sectors such as energy, transport, healthcare, and finance – remains a prime target for bad actors. A successful cyberattack on these vital systems could result in severe consequences, from extensive power outages to compromised healthcare systems.
One of the greatest challenges is the rapid evolution of cyber threats, particularly advanced techniques like ransomware, where an attack could disrupt services and steal sensitive data. According to last year’s IDC report commissioned by Kyndryl, most IT leaders perceive malware as “the most significant risk to their business,” with 70% of respondents indicating they were targeted by advanced techniques like ransomware within the last year.
The widespread adoption of artificial intelligence (AI) by bad actors has added another layer of complexity. AI-driven malware can adapt and evolve, making it more difficult for traditional security systems to detect. Attackers can automate processes, scale operations, and exploit vulnerabilities more effectively, posing serious challenges to conventional cybersecurity defences. Bad actors are also using generative AI to create sophisticated phishing attacks aimed at stealing credentials which then provides these bad actors with the keys to the front door.
95% of data breaches are due to human error, with many breaches traced back to simple mistakes, such as clicking on malicious links or neglecting software updates. To build true cyber resilience, organisations must adopt a holistic approach, combining advanced technology with education and fostering a culture of cybersecurity awareness.
New regulatory frameworks, such as the Network and Information Security Directive 2 (NIS2) and updates to NIS in the UK, are also raising the bar for cyber resilience standards. This has increased the stakes for companies and their Critical Service Providers, as failure to comply can lead to hefty fines and means that the C-Suite and the Board of directors are also liable under NIS2.
The role of AI in cyber resilience: threat and opportunity
Kyndryl helps organisations stay ahead of these threats. AI is integral to automated monitoring, real-time threat detection, and incident response. For example, AI systems can quickly identify suspicious behaviour, flagging potential threats that human analysts may miss. This reduces the burden on cybersecurity teams and allows them to focus on more complex challenges requiring human intervention. Kyndryl uses AI, specifically machine learning and integrated automation systems, to provide our customers with support and advanced protection capabilities for the entire lifecycle of any cyber threat.
Opportunities for innovation and stability
An organisation’s approach to cybersecurity must be proactive, focusing on modernising legacy systems, improving data visibility, and deploying AI-driven analysis. This AI driven innovation is critical, not just for preventing attacks but also for ensuring that businesses can continue to operate even when incidents do occur. For the UK’s economy, which is increasingly reliant on digital infrastructure, the resilience of CNI is essential for economic stability.
Plugging the cyber skills gap
Furthermore, upskilling cybersecurity teams to handle these new technologies should be an important focus for businesses. As AI takes on a larger role in cybersecurity, new roles are emerging, such as AI Security Engineers and Automation Specialists. These roles are crucial for optimising AI systems to ensure they deliver the insights necessary for effective cyber defence.
Safeguarding the future of the UK’s CNI
To combat the growing sophistication of cyberattacks, cyber resilience best practices need to become fundamental design principles for all CNI systems.
In this rapidly changing environment, businesses cannot afford to be complacent. Cyber resilience is about more than preventing attacks—it’s about readiness, recovery, and adaptation. By taking a proactive approach to cybersecurity, organisations can mitigate risks, recover swiftly, and evolve to meet future challenges. Strengthening the UK's CNI through innovation is not just a defensive measure, it is a foundation for future economic success and national security in an interconnected, digital world.
Jill Broom
Jill Broom
Jill leads the techUK Cyber Resilience programme, having originally joined techUK in October 2020 as a Programme Manager for the Cyber and Central Government programmes. She is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Jill also provides the industry secretariat for the Cyber Growth Partnership, the industry and government conduit for supporting the growth of the sector. A key focus of her work is to strengthen the public–private partnership across cyber to support further development of UK cyber security and resilience policy.
Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.
- Email:
- [email protected]
- Website:
- www.techuk.org/
- LinkedIn:
- https://www.linkedin.com/in/jill-broom-19aa824
Annie Collings
Annie Collings
Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023.
In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.
Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.
- Email:
- [email protected]
- Twitter:
- anniecollings24
- LinkedIn:
- https://www.linkedin.com/in/annie-collings-270150158/
Tracy Modha
Tracy Modha
Tracy supports the marketing of several areas at techUK, including Cyber Exchange, Central Government, Cyber Resilience, Defence, Education, Health and Social Care, Justice and Emergency Services, Local Public Services, Nations and Regions and National Security.
Tracy joined techUK in March 2022, having worked in the education sector for 19 years, covering administration, research project support, IT support and event/training support. My most outstanding achievement has been running three very successful international conferences and over 300 training courses booked all over the globe!
Tracy has a great interest in tech. Gaming and computing have been a big part of her life, and now electric cars are an exciting look at the future. She has warmed to Alexa, even though it can sometimes be sassy!
- Email:
- [email protected]
- Phone:
- 02073312000
- Website:
- www.techuk.org
- LinkedIn:
- https://www.linkedin.com/in/tracymodha83