Cyber Resilience and AI Risk: Protecting the UK’s Critical National Infrastructure in a New Threat Landscape

Written by David (DJ) Morimanno, Field CTO, North America at Xalient

6 November, 2025

The UK’s cyber threat landscape is accelerating at a pace unlike anything we’ve seen before. The NCSC 2025 Annual Review has made one message unmistakably clear: organisations that fail to prepare for cyberattacks are putting their future at risk. With 204 major cyber incidents handled by the NCSC between 2024 and 2025, and 43% of UK businesses reporting a cybersecurity breach, the urgency for action has never been greater.

Following the report’s release, government ministers issued an open letter urging CEOs to make cyber security a board-level priority. Cyber resilience is no longer optional – especially for organisations underpinning the nation’s economy and public safety.

Why Cyber Resilience Matters for UK Critical Infrastructure

Recent high-profile breaches affecting Marks & Spencer, Co-Op, Jaguar Land Rover (JLR), and Harrods exposed how deeply cyber incidents can affect operations, supply chains, and the wider economy.

The JLR breach alone is estimated to have cost over £2 billion, illustrating how cyberattacks can instantly disrupt industry, jobs, and essential services.

For the UK’s Critical National Infrastructure (CNI), which spans energy, water, transport, and communications, a large-scale cyberattack could be catastrophic. History shows it’s not if a breach will happen, but when.

AI: A Security Superpower — and a Growing Cyber Risk

Artificial intelligence is transforming cybersecurity, but it is also reshaping cyber risk. The NCSC’s latest guidance, including the AI Security Code of Practice, highlights both sides of this emerging reality.

How AI Strengthens Cyber Defence

AI is already being used to improve threat detection, automate response, and increase visibility across hybrid and OT environments. Capabilities include:

  • AI-driven anomaly detection

  • Predictive threat modelling

  • Automated incident response

Tools like Microsoft Copilot and Purview are helping security teams analyse threats faster and strengthen governance and compliance.

However, AI-powered defence comes with a cost consideration: as AI tools scale, monitoring and correlation workloads rise, increasing operational expense for CNI operators.

How AI is Accelerating Cyberattacks

AI is also empowering adversaries. Threat actors are already using:

  • Deepfake voice and video fraud

  • AI-assisted phishing and social engineering

  • Prompt-based lateral movement and escalation tools (e.g., Promptlock)

  • Reinforcement-learning malware that adapts in real time

  • Polymorphic malware capable of rewriting itself

Advanced malware such as Emotet can already analyse security environments and select the best evasion strategy.

This evolution demonstrates the most pressing cyber risk in CNI today:

AI-enabled attack automation significantly reduces the time between vulnerability discovery and exploitation.

AI Safety Research: Key Insights for CNI Security Leaders

Security research from organisations like Anthropic shows how AI can be manipulated through hidden prompts, highlighting risks as AI integrates deeper into critical systems.

Recent studies, including experiments like Claude Plays Pokémon, demonstrate how subtle embedded instructions can trigger unintended behaviour.

AI capability questions continue to emerge:

  • Can AI plan ahead?

  • Could AI autonomously alter goals?

  • How predictable are large models in operational environments?

Researchers debate these topics heavily, but one thing is certain: we must understand emerging AI behaviour to defend against AI-enabled threats.

Cyber Resilience Must Evolve with AI

As AI becomes integral to UK critical systems, from power grids and transport networks to water treatment facilities, resilience must extend beyond firewalls and endpoint tools.

True CNI resilience requires:

  • Zero-Trust architectures across IT & OT
  • Identity-based security with strong authentication
  • Continuous monitoring and threat hunting
  • Post-quantum cryptography road-mapping
  • Strong compliance alignment (e.g., NCSC, NIS2, IEC 62443)
  • Trained teams and simulation exercises
  • Collaboration across regulators, vendors, and operators

Cybersecurity is now a continuous, adaptive discipline, not a static control system.

Building the Future of Secure Critical Infrastructure

As AI reshapes cyber risk, CNI operators must balance innovation with vigilance and accountability.

The organisations that will thrive are those who:

  • Embrace modern, zero-trust-based architecture

  • Invest in identity security and access control at scale

  • Build deep security operations maturity

  • Partner with experts experienced in complex regulated environments

  • Treat cyber resilience as a strategic business priority

This is not just about defending against today’s threats. It’s about predicting and preventing the threats of tomorrow.

David (DJ) Morimanno, Field CTO, North America at Xalient

DJ helps clients develop IAM strategies that work in complex organisations. He’s an active practitioner and strategist, with nearly 20 years of hands-on experience in implementing market-leading IAM technologies across IGA, PAM, and Access Management. He specialises in building IAM Programs, administering IAM tools, and developing long-term strategies to support organisational objectives and business enablement. 

DJ has a passion for cybersecurity. He is a trusted advisor for Fortune 500 clients and has helped industry executives successfully execute large-scale IAM programs through deployment. He has extensive experience in financial services, energy, education, manufacturing, and healthcare industries.
