The AI shift in cyber risk: why leaders must act now | National Cyber Security Centre icons/chevron/16px/black<br>Skip to main content<br>Please enable JavaScript in your web browser to get the best experience.
Open Search<br>Menu<br>Advice & guidance
BackAdvice & guidance<br>Our advice & guidance covers a broad range of topics
Find information for...<br>You & your family<br>Small & medium sized organisations<br>Large organisations<br>Self employed & sole traders<br>Public sector<br>Cyber security professionals<br>All advice and guidance articles
Popular topics<br>Artificial intelligence<br>Cyber attack<br>Frontier AI<br>Passkeys<br>Phishing<br>All topics
Other resources<br>Glossary of terms<br>Infographics<br>Verify an NCSC contact<br>Heightened cyber threat information<br>Cyber Governance for Boards
Respond to a cyber attack
BackRespond to a cyber attack<br>Resources for individuals and organisations in the UK who have experienced an online scam or cyber attack.
Affecting you or your family<br>Overview<br>Hacked account<br>Suspicious messages<br>Lost money online<br>Device behaving strangely<br>View more...
Affecting your small business<br>Overview<br>Suspicious messages<br>Business payment fraud<br>Infected device<br>Hacked account<br>View more...
Affecting your organisation<br>Overview<br>Ransomware attack<br>Brand impersonation<br>Denial of service (DoS) attack<br>Malware<br>View more...
Find a product or service
BackFind a product or service<br>Find a range of products & services from NCSC and certified 3rd party suppliers
In this section<br>Overview<br>Browse cyber security services<br>NCSC assured services<br>Assuring technology<br>Search assured providers<br>Cyber Essentials
Useful links<br>Active Cyber Defence services<br>MyNCSC
Education & skills
BackEducation & skills<br>Working with industry, government and academia to support the next generation of researchers, students and cyber security professionals
Find information for...<br>Schools<br>Higher education<br>Professional skills training<br>Working with the NCSC<br>Research & academia
Education & academia resources<br>CyberFirst<br>CyberSprinters (7-11 year olds)<br>CyberFirst Navigators (11-14 year olds)<br>Training resources for school staff<br>Resources for higher education institutions<br>Cyber Security Body of Knowledge (CyBOK)
Industry & skill resources<br>CYBERUK 2026<br>NCSC for StartUps<br>Industry 100<br>Cyber League
News
BackNews<br>All the latest information to help you keep track of what's happening
In this section<br>News<br>Blogs<br>Speeches<br>Reports & advisories<br>Malware analysis reports<br>CYBERUK 2026
Stay up to date<br>Subscribe
Close Search<br>Search
Popular Searches<br>Passkeys<br>Training<br>Cyber Essentials<br>AI<br>Phishing<br>Cyber Assessment Framework
News<br>Download & print article PDF
Download & print article PDF
The AI shift in cyber risk: why leaders must act now<br>Five Eyes cyber security agencies urge organisations to act on rapidly transforming cyber risk.
Vertigo3d via Getty Images
As the leaders of the Five Eyes cyber security agencies, we are united in our call to action: the evolving landscape of artificial intelligence (AI) is rapidly transforming cyber risk, and we must act swiftly to remain ahead.
A call to action
While Al will help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats.<br>Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months.<br>In this environment, cyber resilience is integral to advancing business continuity, market confidence, and long-term value. We urge leaders to:<br>understand and assess risk, readiness and accountability<br>prioritise foundational cyber security practices and controls<br>empower cyber leaders with authority and resources<br>stay actively engaged as threats and guidance evolve<br>Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy. Those that do not will face growing operational and strategic disadvantage.
The urgency is clear
AI is not a future consideration – it is already here.<br>It lowers barriers for malicious actors and increases the speed and complexity of attacks, shrinking the window between vulnerability discovery and exploitation ever more quickly. At the same time, AI offers powerful tools to strengthen defence.
A whole-of-organisation and whole-of-society response is required
Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility. Boards and executives should ensure cyber resilience is in place and works under pressure. It is not enough to have controls. Leaders must be confident those controls will perform during a real incident. This requires reassessing long-standing trade-offs and using AI deliberately to strengthen defence – not just improve efficiency.
Key Actions for Leaders
Core principles<br>Secure-by-design and secure-by-default must become standard practice – not an aspiration.<br>Resilience cannot depend on a single solution or technology....