Key takeaways from the statement include:
➡️ Escalating AI-Driven Cyber Threats: Frontier AI models are now capable of performing cyber-related tasks at greater speed and scale, and at lower cost, than skilled human practitioners, significantly increasing cyber threat exposure;
➡️ Operational Resilience Expectations: Firms are expected to strengthen protective, detective, threat containment and cyber response capabilities to address increasingly sophisticated AI-enabled attacks;
➡️ Third-Party & Supply Chain Risks: The statement emphasises the need to manage cyber risks arising from third parties, open-source software and external technology dependencies integrated into firms’ networks;
➡️ AI-Enabled Defences: Firms are encouraged to adopt automated and AI-enabled security controls to operate at a speed comparable to AI-driven attacks and reduce exploitable attack surfaces; and
➡️ Response & Recovery: Firms should ensure they can respond to and recover from cyber disruption quickly, including alignment with the Bank, PRA and FCA’s 2025 effective practices on cyber resilience.
✅ Firms should reassess cyber resilience frameworks, governance arrangements, vulnerability management processes and third-party risk controls to ensure preparedness for evolving frontier AI-enabled cyber threats.