New research from cybersecurity firm CyXcel reveals that a significant portion of UK businesses remain ill-equipped to handle AI-related threats. According to the study, 29% of firms have only just implemented their first AI risk strategy, while 31% still lack any governance policies at all—despite growing awareness that AI could pose serious cybersecurity threats.
The findings underscore a critical vulnerability: although many businesses are eager to adopt AI, they’re doing so without sufficient risk management, leaving themselves exposed to data breaches, disruptions, and regulatory penalties.
Emerging Threats: Poisoning and Deepfakes
One of the most concerning vulnerabilities highlighted in the study is the lack of preparedness for AI-specific threats. CyXcel reports that 18% of surveyed UK and US companies are unready to defend against data poisoning attacks—where adversaries manipulate AI training data to compromise outcomes.
Additionally, 16% of businesses lack any policies to respond to deepfake technology or model cloning. These gaps, in a time of rising sophistication in AI-driven attacks, could have serious reputational and financial consequences.
Tools for a New Risk Landscape
To address this gap, CyXcel promotes its Digital Risk Management (DRM) platform, designed to offer an all-in-one dashboard that blends cyber, legal, and strategic insights. The DRM platform helps companies create AI governance policies, manage digital risk, and stay compliant with regulations like the EU’s NIS2 and DORA.
The system goes beyond simple alerts, offering recommendations on how to manage and mitigate threats across multiple domains—from cyber and AI to geopolitical and regulatory environments.
Regulatory Pressure Mounts
Governments across the globe are tightening requirements on digital resilience. Edward Lewis, CEO of CyXcel, noted that laws like the EU’s Cyber Resilience Act and proposed UK mandates on ransomware disclosure reflect a new era of regulatory scrutiny—especially for companies handling critical national infrastructure.
CyXcel’s clients often operate in these high-risk sectors, where legal noncompliance could result in heavy fines and legal liabilities. As such, the company is positioning its DRM platform as a proactive solution for navigating this complex terrain.
Practice What You Preach
In a notable moment of transparency, CyXcel acknowledges that it is also exposed to the very risks it helps clients manage. The company stresses that its approach to digital risk is not merely advisory—it’s personal. As both a service provider and a potential target, CyXcel says it’s committed to continuously evolving its own risk frameworks to stay ahead of the curve.
Closing the AI Risk Gap
As AI adoption accelerates, companies that fail to plan for its risks may find themselves at the mercy of attackers—or regulators. CyXcel’s findings serve as a warning: without clear policies, strategic tools, and a firm grasp on AI-specific vulnerabilities, businesses risk trading efficiency for exposure.