While governments around the world ignore metaphorical AI regulations, something is happening behind the scenes, something clearly very dangerous and increasingly common: cybercrime.
Companies, whether technology-based or otherwise, are struggling with both the know-how and the tools to ensure safety in the increasingly digital economy that the current government is said to be actively promoting. There should be no facts.
Yet, businesses are succumbing to the influx of AI-powered cybercrime. Whether it's ransomware, deepfake scams, or traditional phishing scams, 2024 is already proving to be a record-breaking year for cybercrime, and not in a good way.
The UK government’s current approach to both AI and cybersecurity governance is highly intrusive. Whether it's due to increased pressures outside the world of technology (economy, national defense, impending elections) or perhaps a lack of understanding on the part of governments themselves, companies have little or no rudder as to what to expect. They are placed in a precarious position that they cannot take in the near future.
The implementation of this modern cybersecurity code of practice has many benefits for companies that are new to cybersecurity norms. Yet, in contrast to legally binding laws, it remains possible for these protocols to be completely ignored. This freedom means companies are more likely to prioritize what they want to do when it comes to cybersecurity, rather than what they should do.
The risks of businesses ignoring these cybersecurity threats are significant. You need look no further than the story of a Hong Kong business that was defrauded of $25 million as a result of a deepfake scam.
So where do we go from here? Hopefully it will become clearer. No UK business can expect to thrive in an increasingly digital economy without a clear framework and governance that holds companies accountable, regardless of their size or industry. Look across the pond for a powerful example of this in action.
Last summer, the US government's SEC enacted ironclad legislation requiring public companies to disclose cybersecurity incidents and maintain high standards of cybersecurity controls. Additionally, the SEC took the unprecedented step of making it compulsory for all registrants to describe their board of directors' oversight of risks posed by cybersecurity threats and management's role and expertise in assessing and managing significant risks posed by cybersecurity threats.
Laws and rulings like these signal the potential for the cybersecurity industry to become more accountable, from the boardroom to the factory floor.
The proposed code of conduct also raises questions about how Labour intends to deal with technology-related issues such as cybersecurity, which it has not yet invested much time or energy into. As we approach the next general election, both the Conservatives and Labour should expect issues around AI, cybersecurity and technology regulation to be high on their priority lists, with a good chance that companies will take sides in the election and decide whom to throw their support behind.
From conversations I have in my day-to-day working life, many companies in the UK and abroad still view cybersecurity procedures and partners as 'nice-to-haves'. These companies have invested significant amounts of money, time, and energy into digitizing their enterprises and, importantly, their supply chains.
As this digital supply chain becomes a reality, it begs the question: why isn't the same amount of money being spent on cybersecurity, despite cybercriminals' obvious ability to disable and disrupt these essential aspects of a company's operations? The growing prevalence of cybercrime and ransomware groups in the UK has made the need for cybersecurity legislation and standards of practice, rather than recommended codes of conduct, more apparent. Only then will UK businesses have a chance to combat the latest wave of cybercrime.
The legislation needs to be comprehensive, but of course also achievable for UK businesses regardless of size or function. To do this, the government will look to industry experts to understand what modern cybersecurity law will look like and how it will help protect businesses and their employees from harm. We need to gather opinions, insights, and suggestions on what to do.
Barry O'Connell is Trustwave's General Manager for EMEA.