Following last week’s International Cyber Expo (ICE) at Olympia London, we’ve shared our top five learnings from the event; reflecting on AI, cyber resilience, and key insights from e2e-assure’s latest research, Cyber Resilience in 2025: Futureproofing AI Adoption.
1. AI is Inevitable, But Not Here Yet
AI was the buzzword this year, with an ongoing debate about its growing role in cyber security. We observed that while AI is inevitable, its real-world impact on cyber security is still unfolding more slowly than perhaps previously anticipated.
Rob explained during his panel that at e2e-assure, AI tools are yet to significantly impact operations, but the message is clear: it’s coming. Our research supports this with 81% of cyber risk owners expressing concern about AI adoption, but only 29% saying they are confident in their existing policies. While the tech isn’t moving as fast as some may fear, businesses must start preparing now if they would truly like to prevent attackers getting access to their infrastructure.
However, this ‘fear’ around AI doesn’t mean that employees aren’t starting to adopt generative AI technologies such as ChatGPT to make their lives easier, even without their employers knowing – prompting the need for organisations to create AI policies to allow for safe practices. 41% of employees are using this tech on a weekly basis, with 23% of those not aware of any kind of policy on AI.
In short, employers need to adopt a culture of resilience now by implementing these AI policies before they advance and disrupt daily operations.
2. Cyber Resilience is Climbing the Agenda
Cyber resilience has never been more critical.
During his Global Cyber Summit presentation at ICE, Rob explained that in today’s day and age, there is very little point in assuming
‘it won’t happen to me’,
as in reality, it likely will. Instead, he encouraged those in attendance to switch their mindsets to assume an attack will happen and focus resource on ensuring your defences are robust enough to result in no disruption to day-to-day life.
According to e2e-assure’s research, cyber resilience has skyrocketed as the top concern for nearly half of cyber risk owners (49%), up from 36% in 2023. This sharp increase reflects the real-world challenges organisations face as cyber-attacks become more frequent— 90% of the cyber risk owners we spoke to stated that the SME they work for has experienced a cyber attack, a sharp 15% rise from 2023. Rob noted that investing in resilience measures, such as Managed Threat Protection, is no longer optional—it’s essential for future-proofing cyber security.
3. Employee Diligence is the Weakest Link
Our research found that 73% of cyber risk owners believe most cyber-attacks stem from employee negligence. This sentiment was echoed throughout the event, with many attendees emphasising the importance of effective training. While 84% of CISOs think their teams are engaged with training, only 53% of employees describe themselves as ‘somewhat engaged.’ That’s a big discrepancy!
However, Rob highlighted during our on-stand interview that pinning the blame on the employee is not always fair, as the organisations themselves must bridge this disconnect and ensure training is offered in a regular and timely manner, especially as phishing attacks and unauthorised software usage remains top frustrations for cyber risk owners.
4. Training Must be Relevant and Engaging
Of course, implementing more training would be the obvious takeaway from the above. However, our research showed that training fatigue is a common frustration, with 22% of workers citing it as a key issue.
Having sat in on Andrew Rose’s (CISO of SoSafe) talk at ICE, he echoed the notion – which outlined the finding that 89% of CISOs prioritise security culture. Yet, many don’t know how to implement this in their organisation. It’s a tricky balancing act to get right.
Our top 3 tips for effective training are:
- Make it personal
Workers are far more likely to engage when training touches on personal online safety (76%) - Timing is everything
Employees are much more receptive to training when it’s delivered at convenient times (72%), rather than during busy periods or outside of working hours. - Real-life relevance
Making training applicable to reality is crucial in keeping staff alert and prepared for emerging cyber threats.
5. The Provider Gap is Closing…Slowly
Finally, Rob pointed to a growing satisfaction with managed cyber security services. Our research shows that 26% of respondents feel their provider is exceeding expectations, up from 17% in 2023. However, this still leaves a substantial number of businesses feeling underserved. As the demand for Managed Threat Protection rises (now used by 48% of respondents compared to 33% in 2023), Rob emphasised that providers must continue to innovate and deliver exceptional value to close this gap further.
As AI and cyber threats continue to evolve, our insights from ICE underscore the urgent need for businesses to build resilience, educate their teams, and prepare for the future. You can read the full report with all our learnings to take into 2025 here.
