Artificial intelligence is rapidly transforming the cyber threat landscape by giving cybercriminals powerful new tools to target businesses more effectively than ever before. Tasks that once required significant technical expertise, such as crafting convincing phishing emails, impersonation scams or developing malware, can now be automated and scaled using AI.
As a result, modern cyber attacks are becoming faster to launch, cheaper to execute and increasingly more difficult to detect.
For UK businesses, the risk of being targeted by AI-enabled attacks is growing. According to the UK Government’s Cyber Security Breaches Survey 2025, 43% of UK organisations reported experiencing a cybersecurity breach or attack in the past year. SMEs are particularly vulnerable as many lack the cybersecurity resources of larger organisations, yet still handle valuable data and play important roles within supply chains. Understanding how AI is boosting cybercrime is the first step towards building stronger defences.
In this article, we explore the most common types of AI-enabled cyber attacks affecting UK businesses today, and what organisations can do to stay protected.
5 most common types of AI-enabled attacks
Below are five of the most common types of AI-enabled attacks that may affect businesses:
- AI-generated phishing and spear-phishing
The Cyber Security Breaches Survey 2025 found that 93% of businesses experiencing cybercrime reported phishing attacks as ‘the most prevalent and disruptive type of breach or attack’. This widespread cyber threat enables attackers to use AI to generate convincing emails mimicking writing styles and company communication patterns, and translating messages into natural-sounding English in order to access sensitive information or internal systems. AI-generated phishing emails also mean that attackers can even launch simultaneous campaigns targeting thousands of organisations internationally to steal login credentials, sensitive data or to deploy malware. - Deepfake voice and video fraud Cyber criminals are now utilising AI to clone voices or generate fake videos to impersonate senior members of a company in real time. These AI-powered deepfakes are becoming a serious threat to businesses of all sizes, and it is most commonly used in payment fraud scams and business email compromises.
In 2024, British engineering firm Arup fell victim to an AI-generated scam via a sophisticated deepfake voice video call scam which resulted in £20m being sent to criminals. You can read more about this case study in the downloadable FLR Spectron Cybersecurity Whitepaper.
- AI-enhanced malware and ransomwareRansomware attacks are increasing in the UK, with AI tools being used to accelerate malware development. AI-powered malware can remain hidden inside systems for extended periods due to adaptive malware behaviour avoiding detection and the AI tools working to automatically identify system vulnerabilities.
- Automated password attacks
One of the easiest ways for attackers to gain access to internal systems and confidential information is credential theft. AI allows cyber criminals to automate credential stuffing attacks across multiple platforms, analyse leaked password databases and predict commonly used passwords. - AI-powered social engineering
Publically available data, such as LinkedIn profiles, company websites and even social media accounts, of employees can be at risk of being targeted by AI-powered scams. Armed with readily available information, attackers can create highly personalised scams which increases the likelihood of the employee engaging with the risk directly.
How companies can protect themselves against AI-enabled cybercrimes
Organisations of all sizes must prioritise cybersecurity to remain secure against data breaches and other cybercrimes.
- Implement Multi-Factor authentication (MFA)
The National Cyber Security Centre recommends MFA as a core protection for email accounts, cloud services and remote access systems. Strengthened authentication is one of the most effective ways to prevent account compromises, so even if hackers obtain passwords through AI-generated means, MFA adds a secondary verification step. Organisations can implement MFA via downloadable authentication apps, hardware security keys and one-time passcodes for their employees. - Train employees to recognise AI-powered threats
According to recent research by Accenture, more than a third of UK employees have not received appropriate cybersecurity training as part of their onboarding process, or through continued development at their organisation. Investing in training staff to identify phishing emails, suspicious payment requests, messages impersonating executives and to recognise deepfake voice calls requesting confidential information is crucial to strengthening cybersecurity.
- Utilise AI-powered security system toolsBehaviour-based detection tools powered by AI can help to identify unusual activity in accounts, analyse patterns of suspicious activity, automatically block phishing attempts, and even identify malware before it spreads. Many modern AI threat detection tools now use machine learning to spot digital security threats that traditional systems may miss.
- Improve password hygieneIntelligent AI tools can analyse leaked login credentials and even predict weak passwords, making many organisations vulnerable to exposure to dangerous scams. Improving password hygiene amongst the workforce involves enforcing strong password policies, with restrictions on password reuse, and encouraging regular password changes for all work accounts. Not only that, but it is crucial to keep software updated to the latest versions as a baseline cybersecurity protection.
- Strengthen verification requests
Similar to implementing a strong MFA process, companies should prioritise introducing strong verification processes for financial or sensitive data requests.As AI-enabled attacks often use voice cloning and impersonation scams to pose as executive level leaders, verification processes such as two-person approval for payments, confirmation of requests via a separate communication channel and having pre-agreed verification codes for urgent transactions should be considered for further peace of mind.
It’s time to close the AI security gap
Finally, AI-powered cyber threats will continue to evolve as cybercriminals and systems become more sophisticated and take advantage of gaps in security. Businesses must ensure their security strategies evolve alongside these emerging threats with proactive defence tactics and employee awareness being key ways to strengthen their cybersecurity.
Kamran Bahdur, cybersecurity expert at FLR Spectron says, “By 2025 and into 2026, the most serious AI-enabled attacks are no longer limited to better-written phishing emails. Generative AI is making impersonation, payment diversion, credential theft and fraud faster, cheaper and more convincing, while more agentic AI is beginning to compress parts of the attack chain itself through faster reconnaissance, automated post-breach activity, and AI-assisted vulnerability discovery. At the same time, organisations are creating a new attack surface of their own by deploying AI agents that can browse, call tools, handle sensitive data, and trigger actions inside business workflows.
The real shift is that companies now need to defend against both human attackers using AI and AI-driven systems that can be manipulated, over-trusted or given too much access. Strong identity controls, phishing-resistant MFA, human verification for sensitive requests, least-privilege design for agents, and proper logging and monitoring are now basic security requirements rather than optional extras.”
At FLR Spectron, we work alongside organisations and their internal teams to enhance cybersecurity and reduce the likelihood of experiencing data breaches and other attacks from AI-enabled risks. From strategising preventative cybercrime measures to improving overall identity controls and digital security practices, we help businesses to support productivity whilst maintaining their cyber defences.