The evolving landscape of artificial intelligence (AI) is rapidly transforming cyber risk. The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years. While Al will help improve cyber defence over time, it also accelerates the speed, scale and sophistication of cyber threats. This paper identifies five urgent actions to reduce not only technical risk, but also operational, financial and reputational exposure.

Key actions for leaders

• Secure-by-design and secure-by-default must become standard practice – not an aspiration.
• Resilience cannot depend on a single solution or technology. Defence in depth remains essential.
• As AI systems evolve, new and previously unknown vulnerabilities will emerge, including zero‑day vulnerabilities.

Practical actions

1. Reduce your attack surface
2. Accelerate patching processes
3. Address legacy systems
4. Review and strengthen identity and access controls
5. Prepare for incidents before they happen.