The ICO’s Five Steps To Defend Against AI Powered Cyber Threats 

By Robert Wilson

The ICO’s five steps to defend against AI powered cyber threats provide a timely reminder that cyber security fundamentals remain critical, even as attackers adopt increasingly sophisticated tools. Artificial intelligence is enabling cyber criminals to launch faster, more convincing and more scalable attacks than ever before. For UK organisations, cyber resilience is no longer simply about preventing breaches. It is about detecting threats quickly, responding effectively and protecting critical business operations when incidents occur. 

In its latest guidance, the Information Commissioner’s Office highlights the growing use of AI by threat actors and outlines practical steps organisations should take to strengthen their security posture.

Why AI Is Changing The Cyber Threat Landscape 

Artificial intelligence is, concerningly, lowering the barrier to entry for cyber criminals whilst increasing the speed and sophistication of attacks. 

According to the ICO, organisations should be aware of several emerging threats, including: 

  • AI generated phishing emails that closely mimic trusted contacts  
  • Deepfake audio and video used for social engineering attacks  
  • Automated vulnerability scanning and exploitation  
  • AI powered malware designed to evade traditional detection tools  
  • Credential stuffing and password attacks  
  • Data poisoning attacks against AI systems  
  • Indirect prompt injection attacks targeting AI applications  

The challenge is not simply that these attacks exist. It is that AI allows them to be executed at a scale and speed that many organisations have never previously encountered.  

The ICO’s 5 Cyber Security Steps

The ICO stresses that effective cyber security begins with understanding the risks. 

This means maintaining awareness of emerging attack techniques, monitoring industry developments and regularly reviewing how cyber threats could impact your organisation. 

Cyber security should therefore not be viewed as a static exercise. Because threats evolve constantly, organisations need a process for assessing emerging risks.

For many businesses, this starts with: 

  • Vulnerability assessments  
  • Risk reviews  
  • Security audits  
  • Attack surface assessments  
  • Threat intelligence monitoring  

Without visibility, it becomes difficult to prioritise security investments effectively.

One of the most important messages from the ICO is that many successful cyber-attacks still exploit basic security weaknesses. 

The organisation highlights the importance of implementing the controls within Cyber Essentials and following the Cyber Governance Code of Practice.  

Key areas include: 

Patch Management 

AI tools can rapidly identify known vulnerabilities across internet facing systems. 

Organisations should ensure software updates and security patches are applied promptly to reduce exposure. 

Secure Configuration 

Default settings often create unnecessary risk. 

Systems should be configured according to recognised security best practices and reviewed regularly. 

Malware Protection 

Traditional antivirus solutions remain important but increasingly need to be supplemented with modern Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) services. 

Email Security 

Phishing remains one of the most common attack methods. 

Modern email security platforms help identify malicious links, attachments and impersonation attempts before they reach users. 

One of the strongest themes within the ICO guidance is identity protection. 

Attackers increasingly target credentials rather than infrastructure because compromising a legitimate user account often provides easier access to business systems. 

The ICO recommends: 

  • Multi-factor authentication (MFA)  
  • Strong password policies  
  • Least privilege access controls  
  • Regular privilege reviews  
  • Immediate removal of unnecessary access  

Organisations should also review supplier access and third-party relationships. 

Supply chain compromise remains a significant risk, particularly where suppliers have access to sensitive systems or personal data.  

No security control is perfect. 

The ability to detect suspicious activity and respond quickly is often what determines whether an incident becomes a minor disruption or a major business crisis. 

The ICO recommends organisations monitor for: 

  • Unusual login activity  
  • Unexpected data transfers  
  • Abnormal system behaviour  
  • Suspicious API usage  
  • Indicators of compromise  

Regular vulnerability scanning and penetration testing can also help identify weaknesses before attackers do.  

The Role Of AI In Cyber Defence 

Interestingly, the ICO notes that AI can also play a valuable role in cyber defence. 

AI driven security tools can help:

  • Identify threats faster  
  • Correlate large volumes of security data  
  • Prioritise risks  
  • Accelerate incident response  

However, the ICO is clear that human oversight remains essential to ensure appropriate decision making and accountability.  

For organisations processing personal information, data protection remains a core responsibility. 

The ICO highlights several important measures: 

Data Minimisation 

Only collect and retain data that is genuinely required. 

The less data you hold, the less data attackers can potentially access. 

Data Audits 

Regularly review: 

  • What personal data is held  
  • Where it is stored  
  • Who has access  
  • How it is protected  

Staff Awareness Training 

Employees should be trained to recognise: 

  • AI generated phishing emails  
  • Deepfake communications  
  • Voice cloning attacks  
  • Social engineering techniques

AI Governance 

Where organisations use AI systems that process personal data, they should ensure appropriate governance, safeguards and risk assessments are in place.  

Cyber Resilience Requires More Than Technology 

Possibly the most important message from the ICO guidance is that cyber resilience is not achieved through a single product or security control. 

Successful organisations combine: 

  • Technology  
  • Processes  
  • Governance  
  • Training  
  • Continuous improvement  

As AI continues to accelerate the capabilities of cyber criminals, businesses that invest in strong cyber security foundations will be better positioned to withstand and recover from future threats. 

How Amicis Group Can Help 

At Amicis Group, we help organisations strengthen their cyber resilience through a combination of managed cyber security services, governance support and proactive threat monitoring. 

Our CyberGuard platform aligns closely with many of the controls highlighted by both the ICO and NCSC, helping organisations improve visibility, strengthen identity protection, enhance threat detection and develop a more resilient security posture. 

Whether you are working towards Cyber Essentials, ISO 27001, cyber insurance requirements or simply looking to improve your overall cyber maturity, our team can help you build a practical and sustainable security strategy for the future. 
