Opinions expressed by Digital Journal contributors are their own.
The integration of digital systems and data sets over the last few years has given rise to a widespread improvement in the customer experience, thanks in large part to new insights made possible by AI.
In fact, according to the 2024 State of Retail Media report, 78.3% of retail businesses that have adopted data integration solutions have experienced a significant improvement in customer satisfaction metrics.
The efficiency benefits of AI-powered data integration are also clear to the government. The Prime Minister Sir Keir Starmer has ambitiously claimed that the British state can save £45 billion in annual productivity by digitising public services, and the announcement at London Tech Week in June that the government would roll out an AI-tool to vastly improve the efficiency of the UK’s planning system is a welcome first step.
Meanwhile, the Data (Use and Access) Bill, which has been passed under a year after it was announced by the King at the State Opening of Parliament, is a clear signal of the UK’s ambition to ramp up data integration across both public and private sectors.
But this move towards greater digitisation is not without risk: the more government and business services depend on one another for operation, the more vulnerable they are to hostile cyberactivity.
The risks posed by greater dependency on integrated datasets were laid bare in the UK at the beginning of summer, when a spate of cyberattacks on some of the UK’s best known high-street brands endangered sensitive consumer data.
In April, retailer Marks & Spencer was targeted by a ransomware attack that forced the company to suspend online orders for over a month. Personal data including names, addresses, contact details and dates of births were reportedly stolen, although M&S confirmed that passwords and payment details were not breached.
Fellow high-street retailer Co-op was targeted by the same hackers’ group, who also claimed to have compromised customer data. Although the company was praised for its quick response to the incident, which saw it take its computer services offline to prevent further data breaches, the disruption anonymous cyber groups can cause to established British businesses is a cause of significant concern.
The British government is aware of the issue and is developing legislation to bolster the UK’s cyber defences. The Cyber Security and Resilience Bill, which was announced alongside the Data (Use and Access) Bill during the King’s Speech of July 2024, sets out a number of recommendations to update the UK’s 2018 Network and Information Systems (NIS) cybersecurity regulations.
But although the Bill is expected to be set before Parliament before the current session ends in July, businesses can—and should—be adopting measures before the Bill’s implementation to safeguard consumer data.
Certification by internationally recognised standards bodies, such as the British Standards Institution and the European Telecommunications Standards Institute, is an effective means of demonstrating that a company’s cybersecurity systems comply with leading industry practices.
Firms such as Huawei and Dahua Technology, for example, have proactively demonstrated the strength of their cybersecurity protocols by achieving the ISO 27001 Information Security Management certification in recent months. Dahua, meanwhile, also announced that it had received the internationally recognised Common Criteria EAL 3+ and ISO 27701 certifications at a ceremony in Rome in October 2024, underscoring its ability to meet top international standards.
Public sector organisations are also moving to adopt cybersecurity recommendations into their digital systems. The UK’s National Health Service, for example, has adopted the National Cyber Security Centre’s Cyber Assessment Framework as a foundation for delivering a fully digitized healthcare system by 2030, following a high-profile attack in June of last year.
There’s no doubt that enhanced data integration will vastly improve the quality and efficiency of business and government services over the coming years, but the move towards greater digitisation also carries significant risks towards sensitive personal data.
Although the British government is moving to enhance the nation’s cybersecurity regulation, the inevitable timeframes for proposed legislation to pass through Parliament may leave companies exposed in the meantime.
British businesses can benefit significantly from proactively pursuing globally recognised standards to enhance their cybersecurity systems.
