Boards are asleep in cyberspace
‘Risks to financial stability have increased during 2025,” starts the Bank of England’s latest Financial Stability Report, rather gloomily. Take your pick from geopolitical tensions, fragmentation of trade and financial markets, and pressures on sovereign debt. Among the sea of risks, this caught my eye: elevated geopolitical tensions increase the likelihood of cyberattacks and other operational disruptions.
Business leaders are finally waking up to this threat. Since Jaguar Land Rover’s damaging cyberattack, directors’ concerns about cybersecurity have increased significantly. Last month they reached 58 per cent on one measure, up from 44 per cent in August 2025, according to the Institute of Directors.
It is not before time. Four in ten businesses experience a breach or attack (most commonly phishing), according to Home Office figures — and 16 per cent of breaches led to a “negative outcome”.
There have been 204 “nationally significant” cyberattacks in the past year, according to the National Cyber Security Centre. You only need to look to JLR again for the potential financial impact of operational disruption in business with an extensive supply chain: an estimated economic hit of £1.9 billion no less.
Yet only 27 per cent of businesses have a board member with responsibility for cybersecurity which is, shockingly, down from 38 per cent in 2021, according to the Home Office. What madness is this? With the rise of AI agents and AI impersonation, the risks are only mounting; AI agents can be tricked into revealing access credentials.
Moreover, the Bank of England has identified an emerging threat from the development of large-scale quantum computing. This could undermine the security of public key cryptography upon which many computer systems, including financial software, are dependent.
In this fast-changing landscape, having a board member responsible for cybersecurity is a no brainer but why stop there? To me it makes sense to install an entire cybersecurity committee, and at top level too. There is so much to do to prevent an attack — or decisions to be made should one occur. Should you pay a ransom? How hard and fast should you shut down? What kind of insurance is best? To note, only 7 per cent of UK businesses surveyed by the government had a specific cybersecurity insurance policy in 2025.
But such complacency is no longer an option and resilience is king, not just for your business but for the wider financial system. To boost resilience, the Bank of England recommends developing cyberincident response playbooks and testing responses to operational events.
For those in the FTSE, one more sobering fact to jolt you into action: the larger the firm, the more likely an attack. As the unfortunate JLR incident shows, that comes with severe disruption and a big bill.
In hock to bots
The Bank’s Financial Stability Report tackles another hot topic: the heady valuations of AI stocks. It warns that asset values are “materially stretched” which “heightens the risk of a sharp correction”.
How might the bursting of the so-called AI bubble play out? An AI-driven fall in equity prices would have a greater impact on the US economy, the Bank says, with consequences for the UK through spillovers to broader financial conditions and trade channels. UK households would also be exposed through any global holdings.
At the moment the scenario is a risk rather than a nailed-on certainty — one executive I spoke to recently thought the current capital spending on AI is entirely justified. But there’s a red flag regarding debt: The Bank warns that “financing of AI development is reaching an inflection point and while modest, debt financing is increasing quickly across multiple funding channels”. It goes on: “If debt financing of AI development increases as projected this decade, the financial stability consequences to the UK economy of any AI-driven fall in asset prices could increase.”
An AI correction in the markets is a growing possibility, but it would be a fool’s errand to say when it might happen.
Giant quest
The UK undoubtedly has some of the best universities in the world, but how do we get spinouts to mirror that success and perhaps create a longed-for UK tech giant? Christ Church, University of Oxford’s new centre for entrepreneurs appears to have come up with a winning formula and student-led firms that have secured tens of thousands in funding are developing university IP. They include Entangled, a quantum computing start-up that’s secured a £50,000 UKRI grant for its plan to make quantum computers more productive, and Autotone, a music tech start-up that is developing AI software to make amateur guitarists sound like professionals.
Their success speaks to interesting questions about how well the UK is doing on university spinouts and whether it’s possible to create a true US-style entrepreneur culture in UK universities.
Key takeaways for me from Christ Church’s Oxford Edge centre: it is a physical place students can go and use, one that makes getting expertise and mentorship as easy as joining a sports team. It provides practical tuition and skills, and access to university IP.
Crucially, over the holiday months, students are taught the core principles of entrepreneurship, already a big feature of US universities. I wouldn’t be surprised if Oxford Edge helped spawn a UK unicorn one day.
tracey.boles@thetimes.co.uk
Alistair Osborne is away
No comments:
Post a Comment