Learn why GetApp is free

Three-quarters of surveyed UK businesses use AI in cybersecurity

Published on 15/01/2024 by David Jani

We asked nearly 1,000 UK employees about their cybersecurity priorities for 2024 and how their company is adapting to the changing threat landscape. 

Security and AI solutions are considered by two business people standing on a giant padlock

Cybersecurity is constantly evolving to mirror the changes we see in society. Attackers are always on the lookout for new vulnerabilities, and companies must find ways to defend against them while maintaining business as usual.

To discover how UK organisations view IT security going into 2024, we surveyed 995 employees who have at least some familiarity with the cybersecurity tools that their company uses. We also explore in detail how AI is used in cybersecurity. 86% of participants in the survey are either involved in security decision-making or have full awareness of their company’s cybersecurity measures, while the rest said they only have partial awareness of the measures in place. In these articles, we refer to groups of ‘more cyber-aware’ and ‘less cyber-aware’ employees accordingly.

You can scroll down to the bottom of this article for a full methodology.

The cyberthreat landscape is dominated by human factors

Robust protection begins with a proper understanding of an organisation’s vulnerabilities and threats. The more cyber-aware respondents in our survey believed that the primary cybersecurity struggle for their company is human-centric, but technological shortcomings also pose problems. The top five current vulnerabilities, according to these respondents, were:

  1. Careless employees (40%) 
  2. Cyber supply chain vulnerabilities (35%)
  3. Susceptibility to phishing/social engineering schemes (31%)
  4. Insufficient network security (30%)
  5. Unencrypted data (29%)

The same respondents also have their eye on multiple external threats going into the next 12 months, but the ones they are most concerned about tend to target people rather than infrastructure. AI-enhanced attacks, advanced email phishing attacks, and advanced ransomware attacks topped the list.

cybersecurity threats that businesses fear most over the coming 12 months

Despite the acknowledged threat and risk landscape, most people surveyed (54%) said their organisation didn’t experience a data breach in the 12 months prior to the survey. However, another 11% weren’t sure.

Of the 35% who did suffer a data breach (or breaches), 50% said the cause was external (a hacker or other outsider maliciously accessing systems) and 42% said one of their data repositories was accidentally left unsecured. Theft by insiders was a factor in 30% of cases.

Ransomware and phishing were major factors in data breaches. When we exclude these two attack types, the percentage of cyber-aware respondents who said their company has ever been the victim of a cyberattack stands at 17%. As the following sections explore, the percentages that have seen ransomware and attempted phishing attacks this year alone are comfortably twice as high.

Many experienced ransomware attacks, but most didn’t pay up

Ransomware remains an ever-present threat, and responses from the more cyber-aware employees in our survey reflect this. One-quarter said that their organisation had been subject to an attack in the previous 12 months, which involved computers being locked down until a ransom was paid. Another 17% said this had happened more than once.

In most of these cases, however, the victims never ended up paying a ransom. In fact, a ransom was only paid out in just over a quarter of cases. The rest of the time, the victims were able to recover data or simply accepted the fact that it was lost.

Graph showing how companies recovered from ransomware attacks
What are ransomware attacks?

Criminals use ransomware to lock or otherwise block access to victims’ computer systems, accounts, or data. Attackers might also threaten to leak or delete critical information. They demand a ransom to unlock the systems, which may be in cryptocurrency so it’s harder to trace. In 40% of the cases reported in our survey, the ransom demand was over £25,000.

The National Cyber Security Centre (NCSC) gives comprehensive advice to businesses for protecting against ransomware. As well as good practices like backing up data, keeping software up to date, and training employees to use IT systems responsibly, good network security is also vital.

Most have seen attempted phishing attacks at work in 2023

Phishing is a major concern for more cyber-aware employees, and respondents as a whole reported that these attacks are very common. 74% said they’re aware of people within their company (including themselves) receiving phishing emails in the past 12 months. And 56% of these said that people within their company have clicked on malicious links in these emails in the past.

What are phishing attacks?

Phishing is a technique that cyberattackers use to gain access to victims’ systems. They send messages (often via email, but increasingly using social media and other communication platforms) that aim to trick victims into giving away confidential data or downloading malicious software. Phishing is often the first step in a ransomware attack.

Email security software often includes features to defend against phishing attacks, but hackers’ techniques are evolving all the time. It’s important to have a comprehensive strategy against phishing that includes education, awareness, and simulations.

These attacks also seem to be on the rise. In GetApp’s 2023 Phishing Attacks Survey over half (53%) of respondents thought phishing attempts had increased by more than 20% over the previous three years. 

As well as deploying cybersecurity tools, companies can mitigate the risks of phishing attacks by ensuring that their employees can spot the signs of a phishing attempt and respond accordingly. They can run simulation campaigns where employees receive a (safe) email that looks like a phishing attempt as a test to see if anyone will click on the link or open an attachment. 43% said their company has run such a test in the past.

61% of companies spent more on cybersecurity in 2023 than in 2022 

The more security-aware respondents to our survey —those who are either involved in security decision-making or who have full knowledge of their company’s tooling and policies— report that their companies employ a range of tactics to defend against threats. Formal risk assessments, data classification, and a zero-trust policy all rank highly.

Security measures that UK companies use to protect data

Most employees as a whole (including less cyber-aware ones) said their company has fundamental protective measures in place when accessing IT systems and buildings. Almost all people surveyed use two-factor authentication at work to access business applications (33% for all applications and 55% for some) and just under half said their company has some form of biometric security in place.

Secondary security technology companies use to protect data
Top tip
Two-factor authentication is a common tactic used to protect IT systems. It requires a user to authenticate themselves with two independent methods —for example, a password plus either a fingerprint, a passcode, or verification on another device. It is often referred to as multi-factor authentication, especially if three or more methods are in place. Many digital services have these capabilities built in, but it’s also possible to get dedicated multi-factor authentication software to protect your critical systems.

Companies have many complementary cybersecurity solutions in place, and the trend seems to be towards greater investment. 61% of more cyber-aware employees said their company spent more on IT security in 2023 than in 2022, and only 2% reported a decrease. But most companies seem to concede that all the protection in the world won’t make them immune to attacks. Well over half (61%) also buy cyber insurance to cover their backs if an incident does occur. Policies in this area might include coverage for preventative measures, direct losses as a result of a breach, post-incident recovery, and liability cover if an attack affects third parties.

AI supports cybersecurity in three-quarters of surveyed orgs

Artificial intelligence (AI) offers new possibilities to defend companies against cyberthreats. AI-powered tools can monitor network traffic, analyse behaviour patterns, and detect malicious activities in real-time, enabling companies to proactively respond to potential threats. AI is integrated into many commonly available cybersecurity software products, while some are even sold as specific AI tools.

More than three-quarters (77%) of the more cyber-aware respondents in our survey said that their companies use AI-powered cybersecurity tools.

According to those who work for companies that use AI systems for cybersecurity, the biggest factors driving this investment are human-related. AI tools can often spot threats that target humans, but which human users might miss themselves. Phishing, social engineering, and ransomware attacks were important drivers of investment here.

Graph showing the cybersecurity threats that have driven companies to invest in AI solutions

However, these same respondents said that their future AI investment priorities are more likely to be in protecting infrastructure. Network security (48%), cloud security (48%), and email security (43%) will be the biggest areas of focus going forward.

AI investment set to grow in 2024

Companies’ confidence in AI as part of their cybersecurity defences is clear from their investment. The more cyber-aware respondents with experience of AI report that these systems can spot threats in real time, detect anomalies that indicate risky behaviour, and draw insight from multiple data sources.

Reasons companies choose to use AI for threat detection and response to cybersecurity issues

But AI is not without its challenges. For one thing, many of the technologies are relatively new in the market, and they’re not immune to manipulation by skilled hackers. The major challenges, as reported by those with some knowledge of AI security, were false positives and negatives, as well as the quality and quantity of data.

Downsides of using AI in cybersecurity
Top tip
If you’re thinking about using AI to protect against cyberthreats, consider its weaknesses as well as its strengths. Many of the companies that use AI recognise this and think these systems should be guided by humans. Most often this should be to provide context to AI-based decisions since humans understand the business-specific realities better than a computerised system can (at least for now). 50% of AI users said human expertise has a role to play here. And 47% said that humans are important to train people about cyberthreats and best practices.

Cybersecurity priorities for 2024

Participants in our survey remain vigilant against attacks that target people (such as phishing and social engineering) and have multiple solutions in place to mitigate the risks. These include awareness and training, but also extend to technology, where AI has an important role to play.

In part two, we will dig deeper into how individual employees fit into an organisation’s cybersecurity strategy and how companies can engage them in their security operations efforts.

Looking for cybersecurity software? Check out our catalogue.


The data for GetApp’s 2023 Data Security Survey was collected between November 10th and 26th 2023 and comprises answers from 995 respondents. We selected our survey sample based on the following criteria:

  • UK resident
  • Aged between 18-65 years-old
  • Full-time employee
  • Works for a company which uses cybersecurity software tools for protection and has some awareness of which tools are used

This article may refer to products, programs or services that are not available in your country, or that may be restricted under the laws or regulations of your country. We suggest that you consult the software provider directly for information regarding product availability and compliance with local laws.

About the author

David is a Content Analyst for the UK, providing key insights into tech, software and business trends for SMEs. Cardiff University graduate. He loves traveling, cooking and F1.

David is a Content Analyst for the UK, providing key insights into tech, software and business trends for SMEs. Cardiff University graduate. He loves traveling, cooking and F1.