This year we celebrate 60 years of impact here at IFF. In that time, we’ve worked on some really interesting and impactful studies – delivering insight on topics that really matter, to help shape public policy and support better informed decisions.
As part of these celebrations, we’ve been looking back at projects that really resonated with the team. Some due to the meaningful results they produced, and the role we played in that. Others, due to the important subject matter or the valuable learning for the team. We’re going to share a selection of these project showcases over the coming months. Starting with a fairly recent study we delivered for the newly formed Department for Science, Innovation & Technology, investigating AI use in business.
Keen to understand AI adoption rates and cybersecurity practices, the Department for Science, Innovation & Technology (DSIT) commissioned us to survey UK businesses. This important research revealed a significant gap between usage and protective measures, helping DSIT make a strong case for more support for organisations and the need for further exploration.
About the client
Formed in 2023, DSIT aims to position the UK as a leader in global science and technology. They focus on the UK’s scientific, research, and technological advancements, while ensuring infrastructure and regulations support the economy, public services, national security, and government priorities.
The challenge
AI’s impact and emergence into public consciousness has made numerous headlines over the last few years. It’s something that governments have been very keen to get a handle on, especially considering its rapid evolution and huge potential to transform the way society functions. According to DSIT, there are more than 3,000 AI companies in the UK, generating more than £10bn in revenues, employing more than 60,000 people in AI related roles, and contributing £5.8 billion in Gross Added Value to the economy.
However, without suitable protections and precautions in place, there are also significant risks. Businesses are vulnerable to harms such as automated attacks, breaches of data privacy and misinformation. There’s an urgent need to address this to ensure the safety, resilience, privacy, fairness, and reliability of AI systems. As its growth is likely to outpace regulation, it is crucial to quickly gather quality information to establish robust security scaffolding and support.
One of DSIT’s immediate priorities after its formation was to assess the level of AI uptake, the purposes for which businesses were using it, and the cybersecurity measures they had implemented.
We were commissioned to assess UK businesses’ use of AI and their cyber security practices and attitudes – an area for which, at the time, the government had evidence gaps that needed addressing.
The approach
We conducted a Computer-Assisted Telephone Interviewing (CATI) survey of 350 UK businesses across seven sectors. The team identified these as sectors where AI uptake was likely to be high, as well as Critical National Infrastructure sectors where cybersecurity vulnerabilities could have significant societal impacts. The sample was stratified across these industries, with 50 interviews allocated to each area, to enable analysis by sector as much as possible.
One of the main challenges of the project was determining the specifics of AI usage. This included identifying whether businesses were actively using AI or considering its implementation, and assessing the extent to which AI tools were integrated into their systems. It was clear that we needed to ensure language was accessible and avoid technical jargon as much as possible – a tricky balance considering the complexity of the subject matter and the diverse backgrounds of the audience. Through careful questionnaire design, we were able to generate good quality data in this area.
The speed of AI’s development necessitated a quick-turnaround too, so the Department could quickly gather important data on sentiment and behaviours. We managed to deliver the required numbers and findings in just over a month.
The impact
The results from the study suggested some cause for concern and need for action. 14% of businesses had not considered cybersecurity for AI, and 47% did not have specific arrangements for AI-related risks. But over half of businesses had been using it for at least one year, with 64% already deploying at least deploying one type of AI technology. Few were aware of the implications or risks associated with AI’s use.
The survey’s key findings provided DSIT with compelling arguments for more research and the development of AI cybersecurity practice and regulation. The Department has since undertaken a range of further work around AI and cyber security to complement the survey findings, and used the research to contribute to the creation of the Code of Practice for the Cyber Security of AI.
And with a constantly changing AI landscape, there’s always the need for more up-to-date information on the latest perceptions and activity around the technology. We are currently running another comprehensive survey of 3,500 UK businesses for DSIT (this time supplemented by a round of follow-up qualitative interviews) to provide more robust, detailed data and insights on AI adoption across the economy.
Download case study
To find out more about this project, or how we could help you, contact us at hello@iffresearch.com. You can also download the case study here.