CFOtech UK - Technology news for CFOs & financial decision-makers

UK firms underprepared for AI risks as CyXcel launches DRM tool

Today

New research from CyXcel indicates that a significant proportion of UK businesses are underprepared to manage the risks associated with Artificial Intelligence (AI), despite widespread recognition of AI as a critical threat.

The survey results show that although 30% of UK organisations identified AI among their top three risks, almost a third (29%) have only recently adopted their first AI risk strategy, while 31% currently do not have any form of AI governance policy in place. This gap in preparedness leaves organisations vulnerable to various risks, including data breaches, regulatory penalties, reputational issues and operational disruptions, particularly as AI-related threats become increasingly sophisticated.

A notable finding from CyXcel's study is that a significant proportion of UK and US companies remain exposed to emerging AI-specific risks. Nearly one in five (18%) reported being unprepared for AI data poisoning—a cyberattack that manipulates the data sets used to train AI and machine learning models. Additionally, 16% are not ready to deal with security incidents involving deepfakes or digital cloning.

Digital risk management

In response to these challenges, CyXcel has launched its Digital Risk Management (DRM) platform, aimed at helping organisations identify, assess and manage evolving AI risks across a range of sectors and jurisdictions. The platform integrates legal, cyber, technical and strategic expertise, assisting organisations to develop effective risk policies and governance frameworks in line with industry best practices.

Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel, commented on the motivation behind the new platform:

"Organisations want to use AI but are worried about risks – especially as many do not have a policy and governance process in place. The CyXcel DRM provides clients across all sectors, especially those that have limited technological resources in house, with a robust tool to proactively manage digital risk and harness AI confidently and safely."

CyXcel's DRM provides a dashboard that enables continuous monitoring of risks and actionable advice across seven categories: AI, Cyber, Geopolitics, Supply Chain, Technology (Operational and Information Technology), Regulation, and Corporate Responsibility. By doing so, it supports businesses in evaluating which digital solutions to adopt and how to maintain high levels of resilience in the face of cyber threats and regulatory change.

Expert visibility and support

The DRM platform offers users insights informed by both legal and technical expertise. This allows risk owners within organisations to gain targeted visibility into the intensity, trends and potential impact of threats, alongside guidance on how to manage these risks and ensure digital strategies align with overall business goals.

The platform also bridges the communications gap between executive, legal and technical functions through tailored remediation services and advice. CyXcel provides assistance in developing AI governance policies and in evaluating AI systems for security, privacy and technical weaknesses.

Compliance and regulation

Unlike conventional approaches where risk management and compliance are addressed separately, CyXcel's DRM integrates both, which the company says reduces the administrative burden. In situations involving regulatory probes or enforcement, companies have access to CyXcel's dispute resolution and litigation services, offering support from strategic planning through to court proceedings if necessary.

Organisations subject to significant regulatory requirements may benefit from the DRM platform by better protecting customer data, shielding executives from personal liability, and managing interaction with regulators. The service is particularly focused on the 26 sectors required to comply with the EU's NIS2 or DORA regulations or classified as Critical National Infrastructure in the US, UK or EU.

Edward Lewis, CEO of CyXcel, spoke about the growing complexity of the cybersecurity regulatory environment:

"The cybersecurity regulatory landscape is rapidly evolving and becoming more complex, especially for multinational organisations. Governments worldwide are enhancing protections for critical infrastructure and sensitive data through legislation like the EU's Cyber Resilience Act, which mandates security measures such as automatic updates and incident reporting. Similarly, new laws are likely to arrive in the UK next year which introduce mandatory ransomware reporting and stronger regulatory powers. With new standards and controls continually emerging, staying current is essential. CyXcel's Digital Risk Management solutions are vital to helping organisations navigate and comply with these changes."

The research underpinning the findings was based on a survey of 400 cybersecurity specialists from the UK and US, conducted independently by Censuswide. The survey respondents, all knowledgeable about their organisation's risk management processes, provided insights into the current approaches and planning around AI-related risks as well as more general digital threat mitigation measures.
