Former UK PM warns of vibe hacking, wants mandatory cyber insurance for larger firms


Rishi Sunak, an advisor to both Microsoft and Anthropic, has warned that cyberattacks are escalating rapidly and argues the UK should consider stronger protections – including mandatory cyber insurance requirements for larger firms.

Writing in the Sunday Times, Sunak claimed cybercrime now costs the global economy “over £7 trillion a year,” with the UK hit for around “£27 billion annually.”

As Sunak settles into his advisory roles at Anthropic and Microsoft, roles first announced in October, he framed cyber as more than a technical problem, calling it a national resilience issue that governments and businesses can no longer afford to treat as an afterthought.

Sunak warned of “vibe hacking,” referring to a new wave of attacks in which AI tools automate tasks that previously required specialist skills.

“It used to be that only criminal groups with experienced hackers could pull off a successful raid. Now, in much the same way that we have video coding, we have vibe hacking.”

“Artificial Intelligence has massively lowered the barriers to entry,” he added, warning that cyber threats will only intensify.

At times, Sunak fell into the trap of overplaying AI’s role in attacks. Citing Anthropic’s report from last November, he writes that “a Chinese state-sponsored group had used AI with almost no human intervention.”

In this case, it was more nuanced: humans designed the attack, AI performed 80-90% of the campaign, and human operators set objectives along the way.

However, the former Conservative PM, who hosted the first global AI Safety Summit at Bletchley Park in 2023 while in office, succinctly nailed the state motives of the West’s key adversaries in cyberspace: “Xi hacks for secrets, Kim for cash, Putin for chaos,” suggesting that countries use hacking not just for espionage and theft but also for disruption.

He called on organizations to stay ahead of hackers by building resilience, being transparent, and not giving in to their demands.

“Too many companies respond to cyberattacks too quickly and quietly, telling no one for fear of reputational damage. That just leaves other firms vulnerable to being turned over in the same way.”

He added that he welcomed moves by the UK’s National Cyber Security Centre to use the Cyber Security and Resilience Bill to require all UK firms to report attacks within 24 hours.

While he rules out making ransom payments illegal, he suggests that a better approach involves using market forces.

“A better approach would be to mandate that companies over a certain size, and all businesses connected to critical infrastructure, have insurance, while their insurers would insist on them keeping their defences up to date. The markets would force those who didn't pay the price through higher premiums.”

