Computer Weekly is the leading technology magazine and website for IT professionals in the UK, Europe and Asia-Pacific
Recent Updates
-
Kearney, Futurum: Big enterprise CEOs make AI core to future
www.computerweekly.com

Management consultancy Kearney and analyst The Futurum Group have published research showing CEOs at high-revenue companies are putting artificial intelligence (AI) at the heart of their business strategies, and that European and North American respondents claim to have decent building blocks for AI programmes.

The report's authors, three from Futurum and seven from Kearney, assert a need to avoid inflated optimism, and to maintain a focus on return on investment (ROI) and building robust data foundations for AI efforts. They advise prioritising measured roll-outs over all-or-nothing leaps.

They said their study, Are CEOs ready to seize AI's potential?, reveals a paradox: the most successful companies are those where top leadership deliberately steps back from hands-on AI strategy.

"Data shows that 92% of CEOs not seeing tangible AI results insist on leading AI strategy themselves, compared to only 59% in organisations achieving measurable success," they said. This gap suggests that centralised, top-down control can hamper domain-level expertise and hinder cross-functional collaboration.

Interviews further revealed that when the CEO remains a strategic guide rather than a hands-on manager, resource allocation and ROI measurement (49% vs 17% among unsuccessful peers) become more effectively embedded in everyday business practices.

In 2024, the researchers surveyed 213 CEOs at companies exceeding $1bn in annual revenue. They interviewed 20 CEOs in November and December about AI governance, change management, integration and talent acquisition.

Some 28% of the survey respondents were from Europe, 32% in North America, 16% in Asia Pacific, 12% in Latin America, 6% in the Middle East and 6% in Africa.

CEOs emerge from the study as buying into a belief in the necessity of investing in AI, despite a lack of push from customers.

"Many CEOs report minimal direct pressure from customers to adopt AI (only 24% cite explicit client requests for AI-based solutions), yet over half acknowledge feeling a strong internal imperative to prepare for AI-driven disruption," the report notes. This paradox emerged in interviews, where leaders stressed that waiting for external demands could leave their organisations behind the curve once consumer expectations shift, which they broadly expected them to do soon.

One CEO, the report cites, at a global staffing firm with a European HQ, said: "In three years' time, things will drastically change when it comes to the impact of AI. We know that in a few years, we won't need people to do the job. It will be AI-driven."

Some 89% of the CEOs surveyed agreed on the strategic importance of using AI for business transformation, yet only one in four of them feel fully prepared to integrate AI across their organisations.

Companies are taking small, incremental steps this year, as they experiment with the inclusion of AI in business processes, according to the report.

It cites the CEO of a North American financial services company: "We are starting with pedestrian applications like customer statement generation and regulatory processes."

The report's authors say: "The CEO of a global retail refrigeration solutions company emphasised the importance of test cases, stating, '2025 is our target year for significant AI investments, and we're focusing on learning from small-scale experiences to inform broader applications.'"

From Europe, a clothing manufacturing company's CEO indicated a long-term intention to use AI in its core activities. "We are outlining a long-term plan for AI, including innovation in fabric and machine development, which is a five-year goal," they said.

However, according to the report's authors, while most leaders see AI as a game-changer for operational efficiencies or cost reduction, few have fully mapped out how to leverage advanced capabilities for higher-impact use cases.

In the foreword to the report, Bill McDermott, chairman and CEO of ServiceNow, says: "In terms of human productivity, AI will unlock nearly one billion hours of productivity this year for ServiceNow's customers alone."

"This is not a time for incrementalism," he says. "It's a time for exponential thinking and the courage to lead."

And yet, the report seems to vindicate taking a circumspect and methodical approach to AI adoption.

"Data shows that organisations taking a measured, fast-follower approach (53% of the sample) achieve more consistent AI outcomes than those attempting immediate, large-scale roll-outs," it says. The discrepancy is especially pronounced in firms that struggled to produce results, 58% of which pursued highly aggressive adoption.

Interviews confirm that rapid expansion often exposes data and cultural resistance before robust pilots can validate ROI. By contrast, methodical followers who fine-tune smaller AI deployments first report smoother scaling and higher confidence among stakeholders.

The report shows some differences between regions. European respondents show a keen interest in specialised AI hiring (63%), particularly in sectors such as manufacturing and financial services, where, according to the authors, legacy processes require domain-specific expertise.

Some 77% of the European CEOs want advice on AI project management and implementation (the highest among the regions), suggesting, say the authors, a desire to better understand how best to structure successful AI efforts.

North American organisations report making more sustained progress in AI investments than other regions, with 72% focusing on workforce upskilling, 75% grappling with the availability of specialised talent, and 39% engaged in formal pilot projects.

Firms older than 10 years are focusing their AI efforts on established business goals such as customer satisfaction (76%) and supply chain resilience (42%). Younger outfits are training their AI projects more basically on revenue growth and cost reduction. Overall, 19% were focused on what the report's authors characterise as next-generation AI innovation.

Some 80% of CEOs view ethical risks such as biased decision-making, privacy violations and accountability gaps as significant barriers to AI adoption. Despite this, fewer than half report having a formal AI governance framework.

The CEO of a food, beverage and pharmaceutical equipment supplier based in Europe said: "We are not well-prepared for handling AI failures and ethical issues. Regular crisis management procedures are probably not sufficient for AI-related incidents."

And while financial institutions commonly embed security reviews into every phase of AI deployment, according to the report, industries like consumer packaged goods and media appear more exposed. Interviews done for the report suggest that only half incorporate robust cyber security frameworks into AI roll-outs, leaving potential vulnerabilities unchecked. As AI permeates more functions, bridging that security-ethics gap may become a vital strategic step for boards and C-suite executives.

The next frontier in enterprise automation is agentic AI: AI systems that are capable of autonomous action and decision-making.

The Kearney and Futurum report found that most of the CEOs surveyed foresee agentic AI reshaping how business decisions are made rather than just automating processes. Indeed, an audit firm CEO believes AI will replace their entire core business.
-
Weak supplier management hinders digital government
www.computerweekly.com

The State of digital government review, published by the Department for Science, Innovation and Technology, has portrayed the highly fragmented nature of public sector digital services.

A root cause of the problems with public sector digital services, according to the review, is that fragmentation is a feature of the system. One of the challenges noted by the authors of the review is that public sector organisations are independent bodies with limited mechanisms to contract services from each other.

"Most choose to build and maintain their own technology estate, inhibiting standardisation, interoperability and reuse, and constraining the ability to benefit from scale," the review stated.

This leads to inconsistencies in architectural design, product management, operations and development between organisations, and hence fragmented digital services. For instance, compared with services such as remote banking, which is used by 86% of adults, the review reported that approximately half of central government and NHS services still do not offer a digital pathway.

The review noted that while the government budget for technology initiatives was £26bn in 2023/24 (5.9% of the government's operating fund), data from Gartner suggests this is 2.9% lower than the percentage of operational expenses spent on technology in similar-sized organisations.

The review warned that this underinvestment in technology increases long-term costs and the total cost of ownership, with maintenance of legacy systems costing three to four times that of modern alternatives, as demonstrated by HMRC's contracts for the maintenance of Cobol systems.

It also reported that the government tends to be biased towards new programmes, with insufficient prioritisation of effective operation and maintenance of legacy assets.

The review's authors warned that legislation often comes without additional funding, which forces reprioritisation of previously allocated budgets.

The funding challenge is set to worsen given that digital and data projects are moving from capital expenditure towards subscription-based services, which increases the reliance on committed ongoing funding.

The shift from outsourcing to building internal teams and buying platform services is also covered in the review. The authors noted that government procurement and supplier management processes have not changed from a focus on a capital purchase model to a subscription-based model and the move away from on-premise systems towards software as a service (SaaS) and cloud computing.

They also pointed out that systems integrators have become the dominant service providers, acting as resellers for major platforms. The technology supply chain has consolidated over time as platform providers take on more traditional supplier roles, such as hardware provider, datacentre provider and database software provider.

The review recommended that government sourcing decisions should more actively incorporate these market drivers and conditions, as well as requirements and preferences of the contracting organisation.

Another area of concern raised in the review is the ability of public sector bodies to take advantage of shared services, identifying seven resellers that provided Google products (services, software and licences) across 12 departments with 10% in missed volume discounts. It also found that the government was exposed to VMware's pricing increases following the Broadcom acquisition due to the lack of a cross-government commercial agreement.

Additionally, it said each of the NHS's 209 secondary care entities negotiates and buys its own infrastructure (including cloud, networking and end user computing), and each of the 320 councils largely negotiates its own technology agreements outside of buying groups.

Looking at why government digital services appear to be disconnected, the review found that a combination of technical limitations, risk-averse cultures, unclear regulations and different governance standards is leading to data fragmentation. The review's authors reported that legacy systems pose a major challenge to real-time data sharing, such as Cobol systems in HMRC, which require additional software to share data via application programming interfaces (APIs).

Another of the issues identified as making digital public services less than ideal is the challenge for councils to ensure that systems and data are interoperable. This is often due to barriers put in place by legacy IT suppliers and/or the high costs of APIs needed to integrate different systems. This, according to the review, significantly hinders digital transformation.

Overall, the review warned that underinvestment in technology and a heavy reliance on legacy systems mean artificial intelligence (AI) and emerging technologies will continue to be underutilised due to the cautious cost/benefit-driven funding approaches applied to nascent technologies. It said this lack of investment means public sector bodies are missing automation, productivity and service delivery opportunities.

Secretary of state for science, technology and innovation, Peter Kyle, said the review shows the gap between the state and the private sector. Describing the review as "a comprehensive evaluation of the United Kingdom's public sector digital infrastructure and capabilities", he said: "Successes are too often achieved despite the system: they rely on the dedication of experts doing their best with limited resources, navigating processes which were not designed for a digital age, and implementing policies which were not designed to be digital first."
-
Hyperscalers to spend a trillion dollars on AI optimised hardware
www.computerweekly.com

The market for AI optimised servers is growing, driven by hyperscalers and IT services firms developing AI-enabled services

By Cliff Saran, Managing Editor
Published: 21 Jan 2025 11:00

The latest spending forecast from Gartner predicts that more than twice as much is being spent on AI-optimised servers compared with traditional servers. The analyst firm has forecast that $202bn will be spent on AI-optimised servers in 2025.

Gartner's data shows that server spend amounted to approximately $130bn in 2022. This figure rose by a small amount in 2023, in line with Gartner's forecast, to $134bn as GPU servers began to ship.

The latest data shows that spending on datacentre systems, which includes servers, grew to $329bn in 2024 and is forecast to grow by over 23% this year, which means, according to Gartner, that $405bn of servers will be sold in 2025, driven by adoption of AI-optimised servers. Gartner predicts spending on AI-optimised servers to easily double spending on traditional servers in 2025, reaching $202bn.

However, as John-David Lovelock, distinguished vice-president analyst at Gartner, notes, the bulk of the server purchases is not being made by enterprise IT. By 2028, hyperscalers will operate $1tn dollars' worth of AI optimised servers. IT services companies and hyperscalers account for over 70% of spending in 2025, said Lovelock.

While the hyperscalers will offer AI-optimised servers as part of their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings, Lovelock said they are mainly deploying them to offer generative AI (GenAI)-enabled services to businesses and consumers.

Gartner has also predicted that IT buyers will be spending 14.2% more on software this year. This is partly being driven by price increases as software providers embed AI into their products. There is also 9% growth in the IT services market.

"Technology companies are starting to embed GenAI in their products and bumping the price a bit," Lovelock said.

Looking at the device market, Gartner expects spending to increase 10.4%. While some of this growth is likely to come as a result of the PC refresh cycle as businesses upgrade to newer devices and the need to migrate over to Windows 11 before October 14th this year, manufacturers are increasing prices, making AI PCs premium products.

These AI-enabled devices are designed to improve the performance of GenAI and AI-based applications, offering on-device AI inference capabilities. They potentially offer a means to deploy GenAI on local devices across the organisation, in a way that avoids data leakage that can occur when using cloud-based GenAI. However, there is no compelling reason for IT leaders to pay a premium for these devices yet.

"GenAI is sliding toward the trough of disillusionment, which reflects CIOs' declining expectations for GenAI, but not their spending on this technology," said Lovelock.

For instance, the new AI-ready PCs do not yet have must-have applications that utilise the hardware. While both consumers and enterprises will purchase AI-enabled PCs, tablets and mobile phones, those purchases will not be overly influenced by the GenAI functionality.

Overall, Gartner forecasts that worldwide IT spending is expected to total $5.61tn in 2025, an increase of 9.8% from 2024.
-
Will the UK become an AI powerhouse?
www.computerweekly.com

21 January 2025

In this week's Computer Weekly, we analyse the UK government's new AI strategy and ask if the ambitious plans are achievable. The latest EU regulation affecting cyber security, called DORA, will affect digital resilience plans for many businesses; we examine the implications. We also look at the benefits and technologies behind cloud data lakes.

Features in this issue

Can UK government achieve ambition to become AI powerhouse? by Cliff Saran
The artificial intelligence opportunities action plan has been largely well received, but there are plenty of questions about how it will be achieved

A guide to DORA compliance by Cliff Saran
We look at the new EU regulation for cyber resiliency, the role of IT asset management in auditing and third-party risks
-
Greek authorities subject refugees to invasive surveillance
www.computerweekly.com

Asylum seekers residing in a Greek refugee camp funded by the European Union (EU) are subjected to invasive phone confiscations and legally dubious monitoring by artificial intelligence (AI)-driven surveillance systems, a report has revealed.

Published by non-governmental organisations (NGOs) I Have Rights (IHR) and the Border Violence Monitoring Network (BVMN), the findings detail privacy violations and questionable data practices that underscore growing concerns over the role of technology in migration management.

As the EU increases its reliance on technology for migration management, Greece's refugee camps have become experimentation sites for AI-driven solutions. But the findings, which centre on the Samos Closed Controlled Access Centre (CCAC), Greece's flagship EU-funded refugee camp, raise critical questions about the cost to fundamental rights and privacy in the name of border control.

This scrutiny follows a €175,000 fine issued last year to Greece's Ministry of Migration and Asylum by the Greek Data Protection Authority (DPA) for violations of data protection laws, adding further weight to concerns over the legality of the country's surveillance practices.

According to the report, 88% of asylum seekers interviewed said their mobile phones were confiscated upon arrival in Samos. Devices were taken without explanation, with many individuals coerced into unlocking them or providing passcodes. Upon return, some phones showed evidence of tampering, such as accessed applications, deleted photos, or altered battery levels.

The legal basis for these actions remains unclear. While Greek authorities deny the practice, Frontex, the EU border agency, confirmed in correspondence with IHR that phone removal is included in confidential operational plans. Legal experts argue that such practices likely violate EU data protection laws, including the General Data Protection Regulation (GDPR).

"You could not say no [to the police]," one asylum seeker told researchers. "When they arrived, they were screaming and giving orders, as if we were arrested."

Another said: "I felt like a prisoner, I was thinking this is the punishment for having come illegally."

Computer Weekly has independently gathered testimonies from asylum seekers who report that their mobile phones were confiscated upon arrival on Samos, as well as other Greek islands and the mainland.

It remains unclear whether data is extracted from mobile devices and how officials use it. Still, the possibility has raised concerns about its potential impact on asylum procedures.

Frontex spokesperson Chris Borowski told Computer Weekly via email that the agency operates strictly within the boundaries of EU law and "fundamental rights are at the core of all our activities".

He added: "Frontex does not have the authority to confiscate personal devices or access private data. These are matters handled by national authorities, and we expect any such actions to comply fully with national and EU laws."

The Greek police did not respond to Computer Weekly's request for comment by the publication deadline.

The report also highlights the deployment of Centaur and Hyperion, two EU-funded surveillance systems that rely on artificial intelligence and biometric data. Centaur uses CCTV cameras, drones and AI-based motion analytics to automatically flag threats in the camp and its vicinity, with data monitored remotely by the Greek Ministry of Migration and Asylum in Athens and officials on several islands. Hyperion, meanwhile, relies on biometric data to control access to the facility.

The pervasive surveillance has turned the Samos CCAC into what many describe as a high-tech prison-like structure. The NGO report highlights evidence that cameras appear to have been placed in areas where privacy would be expected, such as inside corridors and containers where people sleep.

"At any moment, you are being watched," one respondent told researchers.

The vast majority (92%) of Samos CCAC residents interviewed reported not being informed by authorities about CCTV monitoring, with 85% stating they had not seen any signs indicating camera usage.

Likewise, all camp workers interviewed confirmed they had received no information from authorities about the cameras and could not recall seeing any signage indicating the facility was under surveillance. Almost all respondents reported they did not recall consenting to their data being processed.

The IHR report combined multiple methods, including analysing publicly available documents and freedom of information requests. It is based on interviews with 59 camp residents, seven workers, and nine experts between December 2023 and December 2024.

Additionally, researchers collaborated with residents affected by the technology to file data subject access requests (DSARs), a legal tool that lets individuals access personal data held by companies, organisations, or government agencies. This effort represents the first publicly known success in investigating these systems through DSARs.

The resulting report offers the most detailed and comprehensive account to date of the phone extraction practices at the Samos CCAC and the impact of other tech-driven practices on asylum seekers.

The Centaur and Hyperion systems have been developed with the participation of both Greek and Israeli technology companies. According to the report, two Israeli firms, Viisights and Octopus, play key roles in the surveillance infrastructure.

Viisights specialises in behavioural recognition video analytics and has provided AI software advertised as capable of detecting threats. The report noted that video footage from the Samos CCAC obtained via DSARs was watermarked with Viisights branding, confirming its involvement.

Computer Weekly has learned that Viisights is undergoing insolvency proceedings, casting uncertainty over its future involvement in Greek camp operations.

Octopus, another Israeli firm, supplies security solutions that integrate data from multiple surveillance technologies, such as cameras and drones, into a centralised control system, as seen at the Athens control room. The Octopus platform is also used by Israel's Ministry of Defence and the private company Coca-Cola, according to the company's website.

Some consider the involvement of Israeli firms in refugee camps controversial, with critics accusing them of using marginalised populations to trial surveillance technologies that could later be applied in militarised settings.

Neither Viisights nor Octopus responded to Computer Weekly's request for comment by the publication deadline.

At least three Greek companies are also involved in the Centaur and Hyperion projects. They include ESA Security Solutions, Space Hellas and ADAPTIT.

The Greek DPA's investigation into the surveillance systems, which concluded last year, uncovered significant shortcomings in the implementation of the Centaur and Hyperion systems, including incomplete and inadequate data protection impact assessments (DPIAs).

A Computer Weekly investigation last year revealed that Greek authorities appeared to retroactively attempt GDPR compliance only after implementing the systems, a violation of data protection laws. This investigation also highlighted several issues later cited in the DPA's decision.

Alongside the record fine, the Greek Ministry of Migration was instructed to align the security programmes with GDPR requirements. However, it remains unclear whether any corrective actions have been taken.

Computer Weekly contacted the Greek Ministry of Migration and Asylum for comment but did not receive a response.

The Samos CCAC is part of a broader EU initiative to modernise migration management. However, critics warn that the facility's high-tech infrastructure may serve as a model for replicating invasive surveillance across Europe under the new EU Pact on Migration and Asylum.

Ella Dodd, advocacy and strategy coordinator at IHR on Samos, said: "People seeking safety on our island are not criminals. The EU and Greek authorities promised that the CCAC would be a model, humane facility. Yet reports both from people on the move and workers attest to the inhumanity of the structure and its panoptic surveillance architecture."

Report correspondents identified phone removal as the most invasive and distressing use of technology in the camp. Still, most of the asylum seekers interviewed placed more importance on immediate concerns such as overcrowding, poor living conditions, inadequate medical care and the stress of navigating asylum applications over the camp's surveillance systems and phone seizure practices.

Some even expressed indifference or resignation toward these technologies and their use, viewing them as less pressing than other hardships.

The NGO report urges immediate action, including halting phone removals, replacing biometric systems with less invasive alternatives and ensuring transparency in the deployment of surveillance technologies.

The Greek migration ministry did not respond to a request for comment regarding the report's findings.
-
Government calls for expert views on computer evidence to learn lesson from Post Office scandal
www.computerweekly.com

The government is calling for evidence from experts in computing and law to help it ensure no repeat of the miscarriages of justice in the Post Office scandal

By Karl Flinders, Chief reporter and senior editor EMEA
Published: 21 Jan 2025 0:01

The Department of Justice has issued a call for evidence as it examines the role of computer evidence in the criminal justice system to prevent another Post Office scandal.

Computer evidence was used to wrongly convict hundreds of former subpostmasters and their staff, based on evidence from the error-prone Horizon computer system from Fujitsu used in branches.

It has become widely known as one of the biggest miscarriages of justice in UK history and led to calls to scrap the legal presumption that computer evidence is accurate.

In 1999, the presumption was introduced into law on how courts should consider electronic evidence. The rule followed a Law Commission recommendation that courts should presume a computer system has operated correctly unless there is explicit evidence to the contrary. This replaced Section 69 of the PACE Act 1984, which stated that computer evidence should be subject to proof that it was operating properly.

The 12-week call for evidence will invite views on the presumption from across the justice system and beyond, including from computer experts.

Justice minister Sarah Sackman KC said: "We must learn the lessons of the Post Office scandal. A blanket 'no questions asked' acceptance of the accuracy of digital evidence can have a devastating impact on people's lives.

"We need to carefully consider how we can both use and interrogate digital evidence in court. Ensuring people are protected from miscarriages of justice is vital, and one part of the government's Plan for Change," added Sackman.

Stephen Mason, who has campaigned for the presumption to be scrapped and co-edited Electronic evidence and electronic signatures, the open source practitioner text for judges and lawyers, said: "This call is overdue but most welcome. I and my colleagues look forward to engaging in the discussion."

Peer James Arbuthnot, who along with colleagues in Parliament has been pushing for changes to the rules on computer evidence, welcomed the call for evidence. "They've got to do more than ask for evidence," he said. "They've got to treat it properly and come up with some solutions because we've been making all the running on this and it's time that the government actually did something."

Arbuthnot campaigned for justice for subpostmasters for nearly two decades after his constituent, Jo Hamilton, was convicted of false accounting by the Post Office. Hamilton, who along with others helped expose the Post Office scandal as one of the biggest miscarriages of justice in history, had her wrongful conviction overturned in 2012.

Hamilton told Computer Weekly: "It should not be up to the accused to prove that the computer wasn't working at that moment in time. The prosecution should have to prove it was. The law needs to be changed."

According to the Ministry of Justice announcement, the call for evidence is seeking expert input on how computer evidence should be defined, and what could fall into scope of any change to the law.

It gave an example that distinctions might need to be drawn between general digital evidence like text messages or social media posts, and evidence which has been specifically generated by a computer system or software.

Court of Appeal judge Peter Fraser, who took charge of the 2018 High Court battle between the Post Office and 555 former subpostmasters that focused on the reliability of the Post Office Horizon system, spoke at a recent Inner Temple talk, titled The use of electronic evidence in the law.

He said the Law Commission presumption, which found its way into statute nearly 30 years ago, needs to be replaced, but its replacement is not a simple choice. "It's very difficult to know now how courts in the future (the next 10, 20, 30 years) are going to deal with computer-generated evidence, or evidence from computers, or evidence about the operation of computers. What is important is being aware of what can be changed," he told the audience.

"There needs to be some flexibility in how we approach it because the current complexity is just going to get more and more marked," he added.

The Post Office scandal was first exposed by Computer Weekly in 2009, revealing the stories of seven subpostmasters and the problems they suffered due to the accounting software (see timeline of Computer Weekly articles about the scandal below).
-
Labour announces plans to overhaul digital government
www.computerweekly.com

The Government Digital Service will be expanded along with changes to the way technology is funded, built and delivered across the public sector, as Labour aims for improvements previous administrations struggled to achieve

By Bryan Glick, Editor in chief
Published: 21 Jan 2025 0:01

The UK government has announced wide-ranging plans to overhaul the way technology is funded, implemented and acquired across the public sector to accelerate the development of digital services to benefit citizens.

The Government Digital Service (GDS) will be expanded, a new commercial function is being established, and HM Treasury is to experiment with more modern ways of budgeting for the introduction and ongoing spend on technology.

Several new artificial intelligence (AI) tools will also be launched to support civil servants with the aim of speeding up decision-making across Whitehall.

"Sluggish technology has hampered our public services for too long, and it's costing us all a fortune in time and money," said Peter Kyle, secretary of state at the Department for Science, Innovation and Technology (DSIT).

"We will use technology to bear down hard to the nonsensical approach the public sector takes to sharing information and working together to help the people it serves. We will also end delays businesses face when they are applying for licences or permits, when they just want to get on with the task in hand - growth. This is just the start."

GDS is to be re-merged with the Central Digital and Data Office (CDDO), which was split away from GDS by the previous Conservative government in 2021. Two other teams, the Incubator for AI and the Geospatial Commission, will also become part of GDS. Each of those organisations was brought under control of DSIT after Labour won the 2024 general election.

A new government chief digital officer will be recruited, responsible for the digital profession across Whitehall. The previous holder of the post, Mike Potter, left in September last year amid speculation that GDS and the CDDO, which he led, were to be brought back together.

Kyle will today launch a new blueprint for a modern digital government targeting £45bn in productivity savings across the public sector, which will do away with insensitive and antiquated processes that have been holding this country back for too long, according to DSIT.

A Digital Commercial Centre of Excellence will be set up to overhaul management of the £23bn annual government spend on technology. Its remit will extend into local authorities, for example by enabling councils to negotiate contracts jointly to save money, as well as opening up more opportunities for tech startups and scaleups to win contracts from government.

The Treasury will experiment with a new approach that recognises how modern technology works - although few details were included in the DSIT announcement, it appears to suggest that budgeting for digital services will take a more agile, iterative approach, instead of the traditional upfront spending followed by smaller annual maintenance costs. Such an approach has been called for by digital government experts for many years.

DSIT will introduce a framework for finding and buying AI solutions aimed at making sure small projects can happen quickly as well as addressing barriers to using AI at scale.

The blueprint will also introduce mandatory rules for public bodies to publish application programming interfaces (APIs) to enable and improve data sharing across government - a move that was first proposed as long ago as 2011 by government digital advisor Martha Lane Fox.

DSIT is also launching a set of internally developed AI-based tools intended to support the work of civil servants, which are being branded under the name Humphrey, a reference to the fictional civil service chief Sir Humphrey Appleby from the former BBC TV comedy Yes, Minister.

Humphrey will offer applications including:

Consult, which analyses responses to government consultations to present policy makers with interactive dashboards to explore what the public said.
Parlex, which helps civil servants search and analyse Hansard texts of debates from the Houses of Parliament.
Minute, a secure AI transcription service for meetings, producing customisable summaries in formats required by public servants.
Redbox, a generative AI tool to help with day-to-day tasks, such as summarising policy and preparing briefings.
Lex, which analyses and summarises relevant laws.

Other initiatives announced by DSIT include a Technical Design Council, a Responsible AI Advisory Panel, and a review of salaries for digital experts employed in the public sector, in the hope of making tech jobs more competitive with the private sector.

Last week, prime minister Keir Starmer announced an AI action plan for government, highlighting new policies and opportunities for using AI to support economic growth and improve public services.

More details will be published alongside the Spending Review in the summer, including priorities for the use of technology across government and a Digital and AI Roadmap.

"My department will put AI to work, speeding up our ability to deliver our Plan for Change, improve lives and drive growth," said Kyle.

Work and pensions secretary Liz Kendall added: "Outdated technology is holding us back. Sluggish manual processes mean people don't get the help they need quickly enough. That's why we want to use the latest AI technologies to bring Jobcentres into the 21st century, giving our brilliant staff the tools they need to offer more personalised services to jobseekers."

The latest announcements follow the publication by DSIT of a study into the state of digital government, written by external consultants from Bain & Company, which identified £45bn of potential savings through better use of technology by government - including £14.5bn spent on external consultants, a figure estimated to be three times higher than if civil servants were to do the same IT jobs.

The study also said a quarter of IT systems used by central government are outdated, leading to huge maintenance costs, estimated at three to four times more money than if the technology was kept up to date.

An April 2024 report from the Public Accounts Committee of MPs highlighted significant issues with ageing IT systems and called on government to stop making the same mistakes when it came to upgrading legacy IT.

The digital blueprint is the Labour government's first major attempt to overhaul the delivery of technology across the public sector. Under the Conservative government, numerous digital strategies were published between 2010 and 2022, each promising to improve digital public services, address legacy IT issues, cut costs and modernise government.
-
The death of the piggy bank marks coming of age of a fintech
www.computerweekly.com

Those Beyond started life as the tech lab of fintech unicorn Thought Machine, supplying cloud-based core banking systems to the world's biggest banks.

Now, after setting off in a different direction to its former parent, it is on an innovation journey that started with a product not aimed at the JP Morgans or the Lloyds Banks of this world, but at four- to six-year-old children.

This contrasting customer base reveals the vast opportunities to use financial technology to improve people's lives and invigorate the banking sector.

With its first product, Nestlums (pictured above), a digital and physical version of a piggy bank that is on the shelves at John Lewis, Those Beyond is ready to help fuel the Apple-ification of banking, according to Mark Warrick, CEO and founder of the company.

Before founding Those Beyond, Warrick was chief design officer at Thought Machine, where he spent seven years helping with the Google-isation of banking.

Warrick was one of the early employees at Thought Machine, which was established in 2014 by former Google head of text-to-speech Paul Taylor, along with other former employees of the tech giant.

It offers an all-in-one cloud-based core banking software, known as VaultOS, which helps solve the biggest IT challenge for banks, replacing the legacy systems that are holding them back.

It was hailed as the future and an opportunity for large, traditional banks to throw off the shackles of legacy systems and, like their digital-focused challengers, harness the latest technologies.

One aspect of Thought Machine's approach to the market was to demonstrate, through its labs, some of the cool apps it could build on top of its cloud platform that banks could offer customers. Thought Machine Labs was a 12-person studio led by Warrick.

"It was a really interesting way of helping Thought Machine get into the market. We would invent things on top of the platform and demo them to banks," he tells Computer Weekly.

These included an app that enabled customers to chip away at their mortgages. Other creations included software to hyper-personalise loans and a digital piggy bank, says Warrick.

He says these types of creations, which were made possible by the Thought Machine platform, would demonstrate what cool software the company could deliver.

"It's great to do cloud-based banking, but it's even better if you do cloud-based banking and win more customers out of it," says Warrick.

Those Beyond was created out of Thought Machine Labs in 2021, when Warrick left the company but took the whole labs department with him.

"I remember speaking to the board and the investors and saying, look - we have done our job, we have helped banks understand what the Thought Machine platform does, but the platform is now selling itself and you don't need us," he recalls.

Thought Machine had already built an impressive list of customers, including banking giants JP Morgan and Lloyds Banking Group.

"It was a really nice moment in the board where they agreed and we span out, with Thought Machine investors owning shares in us," adds Warrick.

After receiving early investment, Those Beyond, with an even mix of software engineers and designers, took about five consumer product concepts with it.

Its first product, Nestlums, was originally a toy that plugged into the Thought Machine platform. It sparked an idea for Warrick. "The piggy bank is dead. Kids these days see their parents tapping phones, and parents these days just don't have coins and notes," he says.

"In the past, the piggy bank was the best way for young kids to learn financial literacy. I had young kids at the time, and they didn't know what money was, but what if they had this toy that tells them how much money they have when they shake it?"

Thought Machine never launched the product, but Warrick says whenever he discussed the idea with a bank, they loved it because it's not the kid that is buying the toy, but the parents, who are perfect customers of banks, with potential needs for mortgages and loans.

He adds: "It never got launched, and I still say today that many of the products we had were too far ahead of their time because banks move so slowly."

Those Beyond took it from idea to product as an experiment to test the boundaries. Coined a pocket money pet, this first version of Nestlums is aimed at very young children from four to six years old. The toy enables parents to keep track of how much pocket money they have given their children. This is so simple and it doesn't even connect to a bank, but is a pocket money tracker.

The aim of this first-generation launch is to prove it in the market, says Warrick. "These kids are so young and they are getting money from parents and grandparents and the like, and this is a way for parents to keep track of it. We thought let's try it and see if the idea has any legs."

Warrick said the first challenge was to manufacture the toy and get it certified before finding a retailer to sell it.

Nestlums was a John Lewis bestseller four weeks in a row in December 2024.

The second generation of Nestlums will be subscription-based and will connect to a bank account via open banking.

Warrick says the company is biding its time on other product concepts, which he describes as heavier, such as enabling people to chip away at mortgages and the hyper-personalisation of loans.

Despite fintech being well established, he says there are aspects of banking that still offer opportunities for disruption. "There is nothing better than working in a sector that hasn't matured yet in terms of art and emotion. Other sectors did it quickly. Computing used to be beige boxes, megahertz, RAM, and then we got things like Apple, which changed things," he adds.

It has already started in banking, with Monzo and its pink bank card. "It was the coolest-looking bank card in town, and it suddenly became fashionable. Never before had banking been fashionable," says Warrick.

While Thought Machine, which provides an IT engine for banks, was inspired by Google, the likes of Those Beyond want Apple-inspired banking. "All the different areas, from kids' banking to mortgages, are ready for Apple-ification," says Warrick. "There is no better a playground than one like banking that is void of any emotion or fashion."
-
Government plans to revamp digital services to save £45bn
www.computerweekly.com

Legacy IT and the use of tech contractors is costing taxpayers billions. The government aims to fix the public sector with AI and new digital services

By Cliff Saran, Managing Editor
Published: 20 Jan 2025 14:15

The government is pushing the idea of using more digital tools and artificial intelligence (AI) to improve the efficiency of the public sector.

The new digital strategy for public services involves transforming citizens' experiences of government services, improving productivity and strengthening the foundations from how data is used. It also includes boosting skills and attracting talent.

The adoption of digital technologies has the potential to save taxpayers £45bn, as well as make it easier for people to access government services. The strategy is tied into the government's Plan for Change to drive economic growth by helping businesses get the approvals they need more quickly.

Among the technologies being discussed is a new government smartphone app, which could be used to hold virtual driver licence details, which could be used as a form of national ID, according to The Times.

Technology secretary Peter Kyle said that he wants to overhaul public sector technology in a bid to reduce costs and improve people's experience when dealing with public sector services. The overhaul of public services is being positioned as an approach that will free public servants and doctors to spend more time helping the people they serve.

"Technology that sits at the foundation of our country has been left to wither and decay under the hands of the previous government, too often grinding to a halt and stalling essential public services - racking up a huge bill for the taxpayer.

"It doesn't have to be this way - and it won't be with our Plan for Change. There is a £45bn jackpot for the public sector if we get technology adoption right, that's twice the size of the black hole we faced when we took office, and it's not an opportunity we can let pass us by."

According to The State of digital government report, produced for the government by Bain & Company, which is being published later this week, government departments are overspending on IT contractors. The report found that government departments are bringing in contractors and consultants to complete basic IT tasks instead of using full-time staff, due to their inability to compete on salaries and headcount restrictions.

However, according to Bain & Company, the bill for contractors is £14.5bn, which is three times higher than if civil servants were to do these IT jobs for government departments.

Bain & Company's report also highlights that a quarter of IT systems used by central government are outdated, leading to huge maintenance costs. According to the report, the maintenance cost of these legacy IT systems is three-to-four times more than if the technology was kept up to date.

The government said that a growing number of these outdated systems are red-rated for reliability and security risk. The report found that NHS England alone saw 123 critical service outages last year, leading to missed appointments and patients unable to get the care they need because staff had to use paper-based systems.

Among the reforms due to be announced later this week is an expanded role for Government Digital Service, which will be responsible for searching for IT vulnerabilities across the public sector that hackers could use to shut down essential services. The role involves support to help the organisations with vulnerable systems fix the issues to make the UK more resilient to cyber attacks.
-
Power grid constraints threaten Dutch digital innovation ambitions
www.computerweekly.com

The Netherlands risks falling behind in crucial digital innovations such as artificial intelligence as power grid congestion reaches critical levels across the country

By Kim Loohuis
Published: 20 Jan 2025 14:45

Recent research from Schneider Electric warns that datacentre electricity demand could more than double between now and 2026, reaching over 1,000 terawatt-hours.

This surge in power demand comes at a particularly challenging time, as the last Dutch provinces with available grid capacity - South Holland and North Holland - have now declared they have no room left for growth. This gridlock threatens existing digital operations and future innovations, particularly in artificial intelligence (AI) development.

"We're seeing enormous waiting lists for power connections, precisely during a period when we need to transition to renewable energy and increase digitisation," said Stijn Grove, managing director of the Dutch Data Center Association (DDA). "When the government recently announced plans for an AI factory in the Netherlands, they're probably looking at a very small facility because larger operations simply cannot be placed anywhere at the moment."

The Dutch datacentre sector isn't standing still. The DDA is in talks with the ministry and relevant stakeholders to address these challenges with innovative approaches. "We've calculated what's possible when we implement smarter approaches to power usage," he said. "For example, datacentres currently operate behind two transformers for redundancy, but we could function with just one since we have emergency power systems in place."

Several datacentres are already implementing direct connections to high-voltage networks and building their own electrical substations, completing these projects five to 10 years faster than traditional grid operators. The sector is also exploring integration with other intensive energy users to create smart power-sharing systems. "By implementing these solutions, we could potentially free up 1 gigawatt and probably even more power capacity," said Grove. "Enough to power millions of homes."

While North Holland's new datacentre strategy acknowledges the sector's role in grid solutions, he said concrete actions are essential for implementing the strategy. The province's approach, while well-considered, highlights the gap between policy ambitions and infrastructure reality.

The Schneider Electric research outlines four possible scenarios for AI-related power consumption through 2035, with the most sustainable pathway requiring significant infrastructure improvements and coordinated planning - elements currently lacking in the Netherlands' approach.

This shortfall in planning is particularly concerning given the global acceleration of AI development. "While we're setting up a small AI factory, the US has just announced initiatives 200 times larger," said Grove. "We can't compete at that scale."

The implications extend beyond the datacentre sector. "The government has ambitious plans to solve healthcare challenges through innovation, like reducing administrative burdens and addressing staff shortages through digitisation," he said. "But if you don't have the means to implement these digital solutions, it becomes a very difficult ambition to achieve. Every organisation, from hospitals to large companies to government agencies, will face problems because there's no room for growth."

Innovation at risk

The timing of this power crisis is particularly problematic as the Netherlands aims to maintain its position as a digital leader in Europe. The country's historical role as an early internet adopter and digital innovation hub is now under threat. This position, built up over the past two decades, has been crucial for both economic growth and digital sovereignty.

"We don't need to host every type of datacentre - we don't have large social media or Bitcoin mining operations here," said Grove. "Most hyperscalers are spread across Europe. We focus on value-added services that support innovation and digital transformation. But in this time of increasing geopolitical instability, we risk losing even these strategic capabilities if we don't act now. International organisations are already saying that further growth won't happen in Amsterdam or the Netherlands - they're looking elsewhere because we simply can't provide the power capacity."

The power constraints come just as AI development becomes increasingly crucial for maintaining economic competitiveness. According to Schneider Electric's research, AI workloads could drive a 160% increase in datacentre power demand by 2030, potentially rising from 1-2% of overall power consumption to 3-4% by the decade's end. This growth reflects the exponential increase in AI applications across industries, from healthcare and manufacturing to financial services and scientific research.

The Dutch Ministry for Economic Affairs announced its plan to start a working group that includes ministries, provinces and industry representatives to address these critical infrastructure challenges. However, the fragmented nature of the field complicates finding solutions. "Knowledge about our sector is quite limited," said Grove. "We must actively explain our role and potential solutions."

The datacentre sector advocates for demonstration projects that showcase how digital infrastructure can be part of the solution to grid congestion rather than simply contributing to the problem. He specifically envisioned a breakthrough project that would create a campus-style environment integrating multiple datacentres, research facilities and educational institutions.

The urgency is underscored by the Draghi report on competitiveness with China and the US, highlighting the risk of the Netherlands and Europe falling behind in digital infrastructure. Grove emphasised that the country cannot afford to stand still for the next 10 years, pointing out that the potential geopolitical and economic consequences of inaction are immense.
-
Telehouse research highlights UK knowledge gap about what datacentres do
www.computerweekly.com

Despite the government's efforts to champion the datacentre sector as a critical component of the country's future growth, research shows the general public is largely unaware of what server farms are and what they do

By Caroline Donnelly, Datacentre Editor
Published: 20 Jan 2025 12:45

Despite the government repeatedly hyping up the importance of the datacentre market to the UK economy, research shows the general public remains largely unaware of the important role server farms play in their everyday lives.

A poll of 2,000 UK consumers by colocation company Telehouse, geared towards uncovering how much awareness there is of datacentres in the general population, revealed that more than half of respondents (51%) had never heard of the term.

When questioned further, 67% of respondents said they did not know what a datacentre was, nor what it did, which Telehouse said highlights a significant lack of awareness about their critical role in powering daily digital life.

While 48% of respondents believe datacentres positively impact the digital services they use at home and work, such as video streaming and online shopping, there remains a substantial knowledge gap about the scale and scope of datacentre operations, the company said.

To reiterate this further, the company said its research also showed that nearly half of respondents (43%) had no idea about the number of people, applications and data supported by datacentres in the UK.

The lack of public appreciation for datacentres may be traced back to the fact that operators have previously gone to great lengths to keep the location of their sites under wraps for security purposes - with this veil of secrecy affording clients' data an extra level of protection.

The fact the sector operates largely under the radar has been cited as a reason why operators have struggled to fill roles and replace workers who have reached retirement age. It has also previously been flagged as a factor in why the industry has sometimes struggled to get its needs and wants catered for during government policy and regulatory changes.

The latter situation has progressively improved over the course of the past five years or so, with datacentre employees acknowledged as key workers by the government during the 2020 coronavirus pandemic.

Since coming to power in July 2024, the Labour government has also taken steps to elevate the status of the datacentre market further by committing to lowering the planning barriers to new developments, and reclassifying datacentres as Critical National Infrastructure.

Even so, Telehouse said its research shows there is a need for the public to be better educated about the critical role that datacentres play in keeping the country's increasingly digital economy ticking over.

In response, the company has launched an education drive to help the general public build their knowledge of what the sector does, and learn more about datacentres and their significance to everyday life.

The company has also committed to offering apprenticeships and work experience opportunities to young people in the datacentre market, and said it intends to advocate for more educational programmes focused on datacentre technologies in schools and universities.

Mark Pestridge, executive vice-president and general manager at Telehouse Europe, said: "We realise there's a significant knowledge gap regarding datacentres and their impact on digital lives [and] we hope to educate people about the critical work done in datacentres and inspire our future generations to consider careers in this field.

"We also hope that bridging this knowledge divide may be key to increasing trust in the digital infrastructure that underpins our connected lives," he said.
-
US Supreme Court upholds TikTok ban
www.computerweekly.com

Video-sharing platform TikTok will go dark in the United States at midnight on Sunday 19 January after the Supreme Court upheld a nationwide ban on the Chinese-owned social media on national security and data privacy and protection grounds.

In a unanimous decision, the conservative majority court sided with the lower courts, outgoing president Joe Biden, and both houses of Congress, which passed the Protecting Americans From Foreign Adversary Controlled Applications Act last year with broad support from both Democratic and Republican lawmakers.

The law requires TikTok's parent ByteDance to either divest the service altogether or be cut off from US app stores and hosting services this weekend, with the likes of Apple and Google facing significant fines if they do not comply.

In its unsigned opinion, the Supreme Court said: "There is no doubt that, for more than 170 million Americans, TikTok offers a distinctive and expansive outlet for expression, means of engagement, and source of community.

"But Congress has determined that divestiture is necessary to address its well reported national security concerns regarding TikTok's data collection practices and relationship with a foreign adversary. For the foregoing Per Curiam reasons, we conclude that the challenged provisions do not violate petitioners' First Amendment rights."

Craig Singleton, senior China fellow and senior director of the China programme at Washington DC-based thinktank the Foundation for the Defense of Democracies, said the nine-nil decision upholding the law's constitutionality validated the security risks posed by Chinese-owned social media apps.

"ByteDance was afforded due process in our courts - something Chinese companies would never extend to US firms. This is about reciprocity, fairness, and protecting American interests," he said.

"China is adapting in real-time to the ruling. Prior to today's verdict, Beijing began urging TikTok users to migrate to other Chinese-owned apps, like Lemon8 and Little Red Book. This underscores the risks of a whack-a-mole approach and highlights the need for constant vigilance. Beijing isn't just building apps; it's building a discourse power ecosystem to shape global narratives and influence societies."

Although TikTok has been banned in other countries, most jurisdictions, including the UK, have confined their restrictions to government-owned devices. The US ban marks the first time that a service as widely used as TikTok, which boasts 170 million users in the country and many times that number globally, has been banned outright in such a significant market.

From a business perspective, the TikTok ban will be most keenly felt by smaller businesses, creators and influencers in the US, but organisations located in the UK, Europe, and other countries will also be affected by the sudden loss of thousands, if not millions, of potential customers.

However, TikTok's goose may not yet be cooked. Following the publication of the Supreme Court's decision on the matter, the Biden administration signalled it would not immediately enforce the ban on 19 January, leaving the matter up to the incoming president-elect Donald Trump, who will be inaugurated on Monday 20 January.

Trump, who towards the end of his first term in 2020 attempted to ban TikTok himself, has since changed his position on the issue and now credits it with activating younger voters in his favour.

Trump has previously hinted that he would move to save TikTok, which could mean he might delay enforcement of the law in order to give ByteDance time to find a buyer for the service.

Posting on his Truth Social network earlier today, the president-elect said: "The Supreme Court decision was expected, and everyone must respect it. My decision on TikTok will be made in the not too distant future, but I must have time to review the situation. Stay tuned!"

In a video message, TikTok CEO Shou Zi Chew said: "I want to thank president Trump for his commitment to work with us to find a solution that keeps TikTok available in the United States. This is a strong stand for the First Amendment and against arbitrary censorship.

"We are grateful and pleased to have the support of a president who truly understands our platform - one who has used TikTok to express his own thoughts and perspectives, connecting with the world and generating more than 60 billion views of his content in the process."

Singleton said: "A Trump-brokered divestiture that secures US control over TikTok's algorithm and ensures US user data is safeguarded from Beijing would not only save the app but also send a clear message: Washington can negotiate deals that advance US security and economic interests.

"This would reflect Reagan's principles: firm on protecting American values while engaging thoughtfully with adversaries on our terms. It's about advancing security without sacrificing strength," he added.
-
Cyber innovation to address rising regulatory, threat burden
www.computerweekly.com

The digital landscape is evolving rapidly, presenting security leaders with unprecedented challenges. As threats increase in volume and complexity, exacerbated by geopolitical tensions and cyber warfare, a proactive and strategic approach to anticipate and mitigate potential attacks is crucial.

At the same time, the regulatory environment is expanding in response to these growing threats. Initiatives like the Cyber Resilience Act, Network and Information Security 2 (NIS2) Directive and the Digital Operational Resilience Act (DORA) are pushing organisations to meet higher security standards. However, the complexity of these regulations makes compliance a significant challenge.

The current threat landscape, coupled with new regulatory measures, underscores the need for robust data protection strategies. Emerging technologies such as quantum computing further heighten the urgency. Although still in its experimental stages, advancements like Google's Willow chip highlight quantum's potential to render traditional encryption obsolete. This makes the adoption of quantum-resilient security measures essential for protecting sensitive data against future vulnerabilities.

Data privacy and security should be approached with the same mindset as insurance policies. Both protect against potential risks before they occur. Just as insurance mitigates financial loss in unforeseen events, data privacy measures defend against breaches, misuse, and cyber risks. The objective is not just reacting to incidents after they occur but ensuring safeguards are in place to minimise impact and maintain control over how data is used.

The Digital Operational Resilience Act (DORA), which came into effect this month, was introduced to formalise and strengthen the EU's financial services sector and ensure a unified approach to managing ICT risks. Although cyber security technologies have advanced considerably over recent years, so too have the volume and sophistication of cyber attacks. The traditional security measures that financial institutions have deployed are no longer sufficient to protect and mitigate against these attacks.

Traditionally, cyber security measures have focused on protecting data at rest or in transit. However, DORA emphasises the importance of securing data in use, when sensitive information is actively processed, such as customer data in banking systems. Current solutions, no matter the budget that has been spent, are not entirely bulletproof, and that's why the adoption of emerging privacy-enhancing technologies (PETs) should always be under consideration. PETs are at varying levels of maturity, with some requiring significantly more technical expertise than others to integrate with existing operational systems.

One such example is Fully Homomorphic Encryption (FHE), a technology that enables secure computing with always-encrypted data that can be used alongside PETs like federated learning or differential privacy, to enhance the protection of data in use. FHE allows encrypted data to be processed without decryption, which means that even if a breach of data were to occur, the compromised data is severely limited in value to an attacker.

If deployed in silos, PETs will not be silver bullet solutions to rising threats and ever-changing regulations. However, security leaders can deploy a combination of these emerging technologies.

Security leaders can best navigate the multitude of new national and multinational regulations by adopting a proactive and adaptive approach to both compliance and protection. This involves integrating advanced privacy-enhancing technologies into their security frameworks to address evolving threats and meet regulatory requirements. Collaboration with regulators, peers, and technology providers is also crucial to align strategies with emerging standards and best practices.

Adopting next-generation security technologies and compliance measures is still in its early stages, but the direction is clear. As organisations face an increasingly interconnected and volatile landscape, adopting methods to secure data and systems is becoming an operational necessity. Anticipating threats, embracing innovation, and fostering collaboration will empower organisations to remain compliant, resilient, and ahead of the curve in an unpredictable world.

Dr Nick New is CEO at Optalysys. With a PhD in Optical Pattern Recognition from Cambridge, Nick has a strong foundation in optical technology. At Optalysys, he is pioneering advancements in silicon photonics and FHE.
-
£150m AI framework agreement set to drive NHS forward
www.computerweekly.com

NHS Shared Business Services is looking to deploy artificial intelligence across the NHS

By Cliff Saran, Managing Editor
Published: 17 Jan 2025 16:45

NHS Shared Business Services has issued a tender worth £150m, split into six lots, covering the use of artificial intelligence (AI) in medical imaging and analysis to speed up diagnosis.

AI systems can be deployed to analyse medical images in seconds, and help detect conditions such as strokes, asymptomatic conditions, future diseases, suspicious areas, small tumours or subtle abnormalities. They can provide real-time, evidence-based recommendations during patient consultations.

NHS Shared Business Services said these systems can suggest potential diagnoses and treatment options based on the latest clinical guidelines and patient data.

In a post on the NHS Shared Business Services website, Kelly Bevington, senior category manager of digital and IT at NHS Shared Business Services, said: "With our current artificial intelligence offerings - Artificial Intelligence Software in Neuroscience for Stroke Decision Support and Artificial Intelligence, Imaging and Radiotherapy Equipment, Associated Products and Diagnostic Imaging - due to expire, we wanted to bring together the wealth of experience of these framework agreements into one comprehensive offering that, to quote Lord Darzi's independent review, helps take the NHS above the foothills of digital transformation."

She said the framework agreement will focus on the application of AI in different specialities by providing efficient ways to prevent, diagnose, treat illness and optimise clinical workflow.

The first lot covers the use of AI image analysis, including diagnosis of neurological disorders such as Alzheimer's disease, Parkinson's disease and multiple sclerosis through imaging and other diagnostic tests; and the use of AI medical imaging to detect lumps, ovarian cancer, endometriosis, fetal structures, anatomical development, and early detection of pregnancy complications.

In oncology, AI can be used to aid in the early detection and diagnosis of various cancers by analysing imaging data, genetic information and patient records.

Other AI uses include supporting musculoskeletal conditions; cardiology; gastroenterology; urology; ophthalmology; and the analysis of neurological data to identify risk of stroke or stroke occurrence.

The second lot focuses on the adoption of AI algorithms and deep learning models, which are trained on large datasets and can be used to identify patterns that cannot be detected in a normal clinical setting or laboratory.

For instance, AI can analyse digital slides from biopsies, tissue, cells, blood and bone marrow to help detect cancer and other diseases, optimising workflow in pathology labs.

Lot three covers predictive analytics for improving patient flow and experience based on better interoperability with health records. Lot 4 is about research and development to support cross-institution collaboration and research such as drug discovery and clinical trials. Lot 5 is focused on operational efficiency, and Lot 6 covers AI consultancy, implementation and training.
-
Researchers say AI fails to describe complexities of Holocaust
www.computerweekly.com

Existing artificial intelligence (AI) models available in the public domain fail to provide complexities and nuances of the past, and merely offer oversimplified stories about the Holocaust, according to an international Holocaust research lab.

In November 2024, the University of Sussex launched the Landecker Digital Memory Lab, an initiative to ensure a sustainable future for Holocaust memory and education in the digital age.

According to a research-based policy briefing presented by the lab to the International Holocaust Remembrance Alliance (IHRA), Does AI have a place in the future of Holocaust memory, the use of AI in Holocaust memory and education is problematic because mainstream models, including generative AI (GenAI) systems such as ChatGPT and Gemini, lack good data about the Holocaust, and need the right representation from experts on this subject.

The lab's primary investigator, Victoria Grace Richardson-Walden, has, in an urgent call to all stakeholders involved in Holocaust memory and education as well as policymakers, recommended they help solve the problem by digitising their data and human expertise, rather than just bringing people to their sites and museums.

"Very few of them have a clear digitisation strategy," she said of the Holocaust memory and education sector, which includes archives, museums, memorial sites and libraries all over the world. "They only digitise their material content or their testimonies for specific exhibitions."

"That is a pressing issue for heritage in general," said Richardson-Walden, referring to wars in Ukraine and the Middle East.

"All heritage, all these things are at material risk," she said. "There has been instrumentalisation of history on all sides of the political spectrum for varying political aims. When that becomes very loud on social media, you lose nuance. That's where the urgency is."

Richardson-Walden highlighted that GenAI systems are not knowledge machines, as they only assign probabilistic numerical value to words and sequences of words, rather than a value based on their historical and cultural significance. This leads to lesser-known facts and stories being buried, as the systems will tend to reproduce only the most well-known canonical outputs that focus on the most famous stories.

"It gives you a headline answer and bullet points," she said, describing a typical answer to an enquiry made to ChatGPT. "This idea of summarising really complex histories is problematic. You can't summarise something that happened over six years in many, many countries, and affected a whole range of different people and perpetrators."

The research doesn't seek to provide answers to this complex issue. Instead, Richardson-Walden hopes to find alternatives in discussions with her informatics and engineering colleagues. "Cultural signifiers are difficult to code and then to build into training data," she said.

Richardson-Walden also highlighted the need to have good data in commercial GenAI models, especially in relation to sensitive subjects of history such as those involving genocide, persecution, conflict or atrocities.

"Good data comes from the Holocaust organisation, but first they need to digitise it in a strategic way, and the metadata attached to it needs to be correct and standardised," she said.

Another problem highlighted by the lab's policy briefing is the self-censorship that is programmed into most commercial image GenAI models. Almost every time a system is prompted to produce Holocaust images, it will refuse, and the user will be met with censorship guidelines.

The brief cited an example of Dall-E, OpenAI's image generator. "All it can offer is to produce images of a wreath, elderly hands and a barbed wire fence, or an image that looks like a ghost in a library," it said.

Richardson-Walden added: "You end up making the Holocaust invisible or abstracting to the point where it's absurd. So, this idea of putting in censorship within your programming is a good thing as a moral approach that actually creates the opposite effect."

She believes that, although these guardrails are better than producing false or distorted data, they also prevent people from learning the history and its lessons, adding that the developers of these models should therefore find a middle ground in their guardrails that prevent misinformation on the Holocaust, but also don't pigeonhole them into banning Holocaust information for future generations reliant on digital media.

"The way [middle ground] comes is through dialogue," said Richardson-Walden. "There needs to be a space to bring more discussion with OpenAI, Meta, Google, sitting down with places like the UN, with us at the lab." She added that Landecker offers free consultancy to discuss approaches for tech companies that are for the first time engaging in Holocaust memory.

"As soon as they delve into it, [they] realise this is so complex and so political, and there's this whole new area about ethics and digital they never thought about," she said.

Landecker's website mentions that the most prominent example of Holocaust memory digitisation is an AI model known as Dimensions in Testimony, developed by the USC Shoah Foundation. It's an example of a domain-specific GenAI model, described as a small language model, which is heavily supervised and relies on substantial human intervention. Users and academics can interact with it by asking questions to which the model responds with testimonies from survivors and answers by experts that have been fed into it.

However, other labs and memory centres may not have the same wherewithal and funding as the Landecker lab. Therefore, the focus should be on mass digitisation of assets, which can then be used to responsibly inform commercial large language models.
-
Lords debate government approach to automated decision-making
www.computerweekly.com

The UK government has expressed reservations about legislative proposals from Lord Tim Clement-Jones to improve the scrutiny of algorithmic decision-making tools in the public sector, arguing the concerns raised by his bill are already covered by its own proposed data reforms and the existing Algorithmic Transparency Recording Standard (ATRS).

Introduced as a private members' bill in September 2024, Clement-Jones said at the time the proposals were needed because the existing safeguards on algorithmic and automated decision-making (ADM) tools were not enough to ensure redress once the computer says no.

During the second reading debate of his bill in December 2024, Baroness Maggie Jones, the under-secretary of state at the Department for Science, Innovation and Technology (DSIT), said the combination of government's reforms to make the ATRS mandatory for central government departments, as well as its proposed Data Use and Access Bill (DUAB), are not only sufficient to address Clement-Jones' concerns, but also better align with the government's own priorities of accelerating innovation, technology for good, and modern digital government.

"These reforms strike the right balance between ensuring that organisations can make the best use of automated decision-making technology to support economic growth, productivity and service delivery, while maintaining high data protection standards and public trust," she said.

However, Clement-Jones expressed his own reservations about the government data reforms, citing past incidents involving the use of ADM tools to describe the dangers of unchecked algorithm systems, including lack of transparency, loss of public trust in artificial intelligence (AI), and infiltration of bias and racism in unregulated decision-making systems.

He reminded Lords of the 2020 A-level and GCSE grading fiasco, where students unfairly missed out on university places; the use of ADM systems by councils, where 540,000 citizens were assigned fraud risk scores before being refused housing benefits on the basis of fraudulent data; and the Post Office Horizon scandal.

"It is a dangerous confidence if the government really thinks that the ATRS, combined with the watered-down ADM provisions in the GDPR [General Data Protection Regulation], are going to be enough," said Clement-Jones. "The bill is crucial to ensuring that the benefits of these technologies are realised while safeguarding democratic values and individual rights."

Baroness Jones, however, argued that the government's data reforms under the DUAB specifically provide that human involvement must be meaningful. This is to prevent cursory human involvement being used to rubber-stamp decisions as having had meaningful involvement.

One of Clement-Jones' major concerns was about the transparency of ATRS. Since its launch in 2022, he said, only six records of algorithmic transparency in the public sector have been published. Government defended itself by claiming that a number of these records have been completed since it was made mandatory for all government departments, and that those will soon be published.

As it stands, there are currently 23 records contained in the ATRS.

Clement-Jones' bill also contains a section on Algorithmic Impact Assessments (AIA) that public authorities would have to conduct prior to the deployment of any decision-making tools. AIAs would make it mandatory for them to constantly assess and disclose the tool's impact on safety and administrative decision-making when the algorithm is updated or the tool's scope changes.

Conservative peer Viscount Camrose, Jones' predecessor at DSIT, further argued that enforcing impact assessments even before purchase would be unrealistic, and, as a result, the bill would create an administrative burden. He also criticised Clement-Jones' bill for being too prescriptive, rather than allowing public sector the flexibility to make choices in the face of their wildly differing needs.

Baroness Jones claimed the ATRS provided a holistic view on safeguards regarding the impact of the tool while avoiding negative outcomes, and that legislating for transparency was therefore not needed: "We do not believe that legislation for either mandatory transparency records or AIAs for public authorities is necessary at this time," she said.

References were also made to Canada, which has recently implemented a similar AIA framework to the one proposed. Baroness Martha Lane Fox requested caution in the implementation of Clement-Jones' bill, saying it might add to bureaucracy. "Canada has also been trying to move to greater regulation of algorithmic transparency, and the implementation has been very heavy and difficult," she said.

One key distinction of the private members' bill is that it raises the importance of scrutinising systems during procurement stage, instead of after they are put to use, to ensure that systems are properly assessed for their efficacy and impacts before they are purchased.

Speaking in support of improved procurement measures, Lane Fox said: "The skills on the digital procurement side of the civil service are under-egged, and the deals done with suppliers are far from ideal as we move to a world in which we want to encourage innovation but must also encourage safety. I very much hope that procurement will be positioned very closely at the heart of any future plans."

The private bill is introduced by Clement-Jones at a time when government is looking to use AI to drive growth and boost the economy. Peter Kyle previously said in July 2024 that "we're putting AI at the heart of the government's agenda to boost growth and improve our public services".

Meanwhile, prime minister Keir Starmer said during his AI Action Plan speech on 13 January that the technology is the defining opportunity of our generation. "Mark my words, Britain will be one of the great AI superpowers," he said.
-
Enterprises need to make better choices to reduce GenAI emissions
www.computerweekly.com

The mounting environmental impacts of generative artificial intelligence (GenAI) systems can be significantly reduced if businesses choose the right model for their use cases and implement sustainable practices throughout its lifecycle, according to Capgemini Research Institute.

Capgemini's Developing sustainable GenAI report noted that, for the latest generative pre-training transformer (GPT) models, the training alone is roughly equivalent to the yearly energy consumption of 5,000 US homes, with an equal or greater amount of energy being needed to then run the model operationally in a business context.

This meant one query to a large language model (LLM) required 10 times as much electricity as a Google search.

It added that, in the span of a year, the number of organisations which have integrated GenAI into their products and services has gone up from 6% to 24%. Moreover, it estimated that by 2026, GenAI would account for 4.8% of an organisation's total greenhouse gas emissions, up from the current rate of 2.6%.

Capgemini also said that using an LLM to run an inference of 20 to 50 queries uses about 500ml of water each time, and that GenAI could create between 1.2 and five million metric tons of e-waste by 2030; around 1,000 times more e-waste than was produced in 2023.

"The surge in energy consumption driven by generative AI is leading to a significant increase in emissions, which are expected to nearly double as a share of organisational carbon footprints within two years," said Vincent Charpiot, head of Capgemini's Group Sustainability Business Accelerator. "It is urgent for businesses to embed sustainability into their AI strategies.

"By leveraging smaller models, renewable energy, and transparent practices from AI and GenAI vendors, we can mitigate environmental impacts while harnessing AI to drive both innovation and sustainability."

From the production of graphics processing units, which requires mining rare earth metals, to training the models to run enormous datacentres, all of these steps contribute significantly to the technology's environmental impact.

For most organisations, the use of GenAI products and services falls under their Scope 3 emissions, referring to indirect greenhouse gas emissions that occur outside of a company's operations, but that are still a result of their activities.

However, Capgemini said making the right choices at various stages of a model's lifecycle, including choosing hardware, model architecture, power source for datacentres and its ultimate use case, can significantly bring down the environmental impact.

It added that companies should consider whether they even need energy-intensive GenAI technologies in cases where they could use more resource-efficient models for a similar result.

"Everybody wants to do something with generative AI, but a lot of times you don't even need it," said Vishal Singhvi, director of generative AI at Microsoft. "You can do this very well with your traditional AI, which consumes significantly less compute power and workloads."

Organisations should therefore take into account whether tasks can be completed using small language models (SLMs) instead, which are trained with smaller and more specific datasets compared with an LLM.

Capgemini said this can not only significantly reduce emissions, but also cost. According to Arthur Mensch, CEO of Mistral AI: "Smaller models mean the applications are less costly to run and, more importantly, if you have a model that is 100 times smaller, you can call it 100 times more for the same cost, bringing a little more intelligence to your application with each call."

For Mauli Tikkiwal, a board member at UK-based Orchard Hill College and Academy Trust, it's vital that organisations are aware of how their use of GenAI is contributing to negative environmental impacts. "First, you must identify the impact so you can track and reduce it," she said.

However, while monitoring and tracking emissions is paramount, only 14% of those surveyed by Capgemini said their companies measure and track their GenAI footprint.

Three-quarters of the executives cited limited transparency from suppliers as a challenge in measuring environmental impact. They expect the tech sector to lead efforts in facilitating that goal, the report said.

Despite these trends, Capgemini highlighted how some tech firms are approaching the technology sustainably.

It noted, for example, that Nvidia's latest GPUs are 30 times more efficient than their previous iterations; that MIT spin-off startup LiquidAI has developed adaptive and less energy-hungry algorithm techniques; and that Microsoft has introduced energy-monitoring features in its LLMs.

It further highlighted a deal signed by Meta to purchase geothermal energy to provide power to its US datacentres, as well as Google Carbon Sense Suite, which is a collection of features that makes it easy to accurately report your carbon emissions, and reduce them.

During the AI Summit London in June 2024, sustainability experts said that although the technology can be deployed in a number of ways to help companies become more environmentally sustainable, there must be a recognition of the clearly negative impacts it is currently having on the planet.

They said that while it could help companies better manage their Scope 3 emissions by linking up data sources and making them more legible, these emissions can be difficult to track given how differently organisations collect, manage and share their data.
-
A guide to DORA compliance
www.computerweekly.com

The Digital Operational Resilience Act (DORA) came into force on 16 January 2023. Following a two-year implementation period, from 17 January 2025, financial organisations must fully comply with the new regulation, which aims to ensure they remain resilient to severe operational digital disruption.

The act covers a number of aspects of cyber resiliency, auditability, and the responsibilities shared between financial institutes and third-party software and IT service providers when these products and services are used to power business operations.

While it is a European regulation, affecting companies that operate in the European Union (EU), other regions are also putting in place cyber resiliency. These include Australia's Prudential Regulation Authority and the Bank of England in the UK. In the US, the Securities and Exchange Commission (SEC) is also considering cyber resiliency.

Resilience to flaws and vulnerabilities in third-party products and services has been gaining attention worldwide. One example is the CrowdStrike flaw, which caused major disruption on systems running Windows. As Juniper Research noted at the time, banks were among the victims of the worldwide technology outage, which resulted in some customers not being able to access their online banking. Cash machines and card payment systems were also affected.

The goal of DORA is to limit the potential disruption to banking systems caused by IT issues, but there is a direct correlation between its effectiveness and organisations' maturity in terms of cyber security.

Between August 2023 and August 2024, SecurityScorecard evaluated the cyber security performance of Europe's top 100 companies, looking at factors such as network security, malware infections, endpoint security, patching cadence, application security and domain name system (DNS).

The research found that 98% of the top 100 European companies had experienced a breach involving third-party suppliers during that 12-month period. DORA requires financial institutions to identify and assess the criticality of the third-party service providers they use based on business impact and the level of risk they pose.

Third-party IT and communications products and services are covered in Article 28 of DORA, which stipulates that financial entities must manage ICT third-party risk as an integral component of ICT risk within their own ICT risk management framework. Financial institutes that use third-party services as an integral part of their operations are held accountable for the overall cyber security of the business and must also conduct a full risk-assessment of suppliers.

Looking at cyber risk exposure arising from vulnerabilities and security weaknesses in products and services supplied by third parties, Ryan Sherstobitoff, senior vice-president of threat research and intelligence at SecurityScorecard, says: "Supply chain vulnerabilities remain a critical threat, as adversaries exploit these weak links to infiltrate global networks. With regulations like DORA set to reshape cyber security standards, European companies must prioritise third-party risk management and leverage rating systems to safeguard their ecosystems."

SecurityScorecard's Global third-party cybersecurity breach report reveals that 75% of third-party breaches target the software and technology supply chain, a trend reinforced by recent high-profile breaches involving SolarWinds, Log4j and MOVEit.

"DORA makes information security management a legal mandate," says Romain Deslorieux, director of strategic partnerships for cloud protection at Thales. "To ensure compliance, organisations will need to work to simplify and automate their cyber security services to be sure that their applications, data and identities are adequately protected. This includes everything from API [application programming interface] security; classifying, monitoring and protecting sensitive data; through to providing secure trusted access for customers, employees and partners."

Martin Thompson, analyst and founder of the ITAM Forum, recommends that organisations run a discovery process to help them classify the risks associated with the IT products and services they use.

In a September 2024 blog, Shane O'Neill, a partner in Grant Thornton's Dublin office, suggested that financial institutions invest in platforms that can centralise their ICT asset catalogues. This, he said, should offer a holistic view of third-party providers, which enables firms to understand the potential risks they pose to the business, enabling them to take action to mitigate such risks.

O'Neill pointed out that most IT asset management platforms provide automation features, which can be used to simplify the review process. "At a minimum, DORA requires an annual review of ICT assets and accompanying documentation, and for third parties deemed high risk, the review cycle occurs more frequently," he wrote.

Automation lessens the administrative burden of coordinating a review and decreases the number of manual components within a review cycle, thereby reducing the potential for human error or the potential of a review cycle being missed.

As O'Neill noted, IT asset management platforms can automatically trigger a review process by generating an email that reminds stakeholders to review their asset inventories, and because the stakeholder performs the review within the system, the platform automatically logs their activity, thereby ensuring all aspects of the process are easily auditable from a regulatory perspective.

While affected organisations should already be well advanced in implementing compliance programmes, Forrester senior analyst Madelein van der Hout says that as late as November 2024, she was still taking calls from Forrester clients, enquiring about what they need to do. "If you started in November, there is not enough time," she says.

While most financial organisations already have a good security posture, according to van der Hout, all financial institutes will still need to consider third parties, the diversification of their IT infrastructure and the interdependencies.

According to Alain Traill, counsel at global law firm Latham & Watkins, many are struggling to achieve compliance. He urges those organisations still coming to terms with DORA to conduct a gap analysis to identify where they are non-compliant.

"For in-scope financial entities, which includes e-money institutions and crypto asset providers, in addition to traditionally regulated firms such as credit institutions, compliance involves a gap analysis of existing resilience measures against DORA's stringent requirements, updating governance chains, policies and procedures (paying particular attention to core DORA focus areas such as incident response and resilience testing) and completing an in-depth contract inventory and remediation exercise," he says.

Since DORA stipulates that organisations need to assess the resiliency of their IT supply chain, third parties, which include IT providers, also need to understand their responsibilities under DORA. Traill says IT firms should update contract terms and potentially establish an EU entity.

"All providers of ICT services that are not designated as critical but that have customers that are in-scope financial entities, including a vast range of providers of software and related products, often based outside the EU, need to take steps to enable such customers to comply, including by reviewing and updating processes and policies and updating contract terms," he says.

"Proactive measures are crucial to align with DORA's requirements and avoid significant consequences, including, for financial entities and critical ICT providers, substantial fines."

Forrester's van der Hout recommends IT leaders in financial organisations that need to comply with DORA contractually look at what IT they implement.

"There are implications if those IT vendors you use do not comply enough with DORA," she says. While IT leaders have the option to terminate such non-compliant contracts, van der Hout warns that untangling their IT from your IT infrastructure is hard.

Beyond the work needed to ensure the cyber resiliency of third-party IT providers, Thales' Deslorieux notes that DORA explicitly mandates organisations to define and enforce policies to encrypt data at rest, in transit and in use, and thoroughly manage the cryptographic keys this encryption relies on. "Financial services must also provision for updating or changing the cryptographic technology on the basis of developments in cryptanalysis," he says.

The experts Computer Weekly has spoken to recognise that work is needed to implement DORA compliance and to ensure ongoing maintenance for continued compliance. These are additional costs.

Implementation, according to Forrester, will depend purely on the cyber security maturity of the business, but DORA builds on existing IT security frameworks, which means many have probably done most of the work needed to achieve compliance with the new regulation.

Van der Hout points out that it is the ongoing costs that will have a more long-term impact on IT budgets. She estimates that maintaining DORA compliance could add 10% to an organisation's cyber security costs.
-
Russia's Star Blizzard pivots to WhatsApp in spear-phishing campaign
www.computerweekly.com

In the wake of a significant action against its infrastructure, the Kremlin-backed advanced persistent threat (APT) actor Star Blizzard has pivoted to exploiting social messaging application WhatsApp in its spear-phishing campaigns against targets of interest to Russia's intelligence agencies, Microsoft has warned.

Microsoft has been hot on the tail of Star Blizzard for some time, and late last year its Digital Crimes Unit (DCU) received permission from a United States court to conduct a significant takedown operation against almost 70 of the group's domains. Since October 2024, Microsoft and the US Department of Justice (DoJ) have seized or taken offline over 180 websites used by Star Blizzard, which has had a significant short-term effect on the APT's ability to go about its nefarious business.

This action has already yielded a treasure trove of information for defenders to pick over, but according to the Microsoft Threat Intelligence Center (MSTIC) the group has demonstrated remarkable resilience and has swiftly transitioned to new domains and methodology, including the exploitation of WhatsApp.

"In mid-November 2024, Microsoft Threat Intelligence observed Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group," said the MSTIC team.

"This is the first time we have identified a shift in Star Blizzard's longstanding tactics, techniques, and procedures (TTPs) to leverage a new access vector.

"We assess the threat actor's shift to compromising WhatsApp accounts is likely in response to the exposure of their TTPs by Microsoft Threat Intelligence and other organisations, including national cybersecurity agencies. While this campaign appears to have wound down at the end of November, we are highlighting the new shift as a sign that the threat actor could be seeking to change its TTPs in order to evade detection," they said.

In the WhatsApp campaign, Star Blizzard operatives first made contact with their targets via email to engage them, in the guise of a senior US government official. This email contained a quick response (QR) code that purported to direct the recipient to join a WhatsApp group to discuss non-governmental organisation (NGO) work in Ukraine. However, in an attempt to coax their victims into responding, the QR code was intentionally non-functional.

If the unlucky target did respond, Star Blizzard then wrote back with a wrapped, shortened link apparently directing them to the WhatsApp group. This sent the targets to a web page containing another QR code for them to scan to join the group.

In a final bit of subterfuge, this second QR code was not a link to the group but was instead used by WhatsApp to connect an account to the WhatsApp Web portal, which is used legitimately to enable people to access their accounts on a desktop PC instead of their smartphone, should they wish.

In scanning this second QR, the victims in fact gave Star Blizzard full access to their WhatsApp accounts, from where the cyber spooks were able to read messages and exfiltrate data using browser plugins.

MSTIC said that the campaign was limited in its scope and appears to have ended at the end of November 2024. However, said the research team, it marks a clear break in Star Blizzard's tradecraft, and highlights its tenacity.

MSTIC is advising anybody working in sectors that Star Blizzard typically targets to be extra vigilant when dealing with unexpected or unsolicited email from trusted or new contacts.

However, ordinary users should have little to be concerned about from the APT for, as ever, Star Blizzard's campaign targets are most commonly individuals holding high-level positions in government or the diplomatic community, defence and international relations experts, and sources of assistance to Ukraine.

As exposed by Computer Weekly in 2022, Star Blizzard previously hacked, compromised, and leaked emails and documents belonging to a former head of MI6, alongside other members of a secretive right-wing network devoted to campaigning for an extreme hard Brexit.

This data dump also exposed the group's attempts to spread conspiracies about the origins of SARS-CoV2 and influence UK government policy on science and technology during the Covid-19 pandemic.
-
Biden signs new cyber order days before Trump inauguration
www.computerweekly.com

Outgoing United States president Joe Biden has signed a cyber security executive order (EO) promising to build on the foundational steps taken earlier in his administration by ordering additional actions to improve the US's cyber security.

In one of his last official acts before the inauguration of president-elect Donald Trump next week, Biden detailed actions intended to improve accountability for software and cloud service providers, strengthen the security of US government IT infrastructure, promote and modernise security best practice, promote innovation, and address malicious cyber threats to the US, and by extension her allies, emanating from other jurisdictions.

"Significant malicious cyber-enabled activities pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," said Biden, presenting the EO to Congress.

He wrote: "These campaigns disrupt the delivery of critical services across the nation, cost billions of dollars, and undermine Americans' security and privacy. More must be done to improve the nation's cyber security against these threats."

Among some of the provisions of interest to the security industry are the imposition of new reporting requirements on software suppliers to the US government, including the introduction of secure software development attestations, to be overseen by the Cyber Security and Infrastructure Security Agency (CISA).

The order also requires federal government bodies to adopt industry best practice, especially in identity and access management (IAM) to improve threat visibility and strengthen cloud security, and to implement strong authentication and encryption across its infrastructure.

It also supports the modernisation of said infrastructure where it supports critical government work, and enforces the use of cyber best practice in areas such as zero-trust, endpoint detection and response (EDR), encryption, network segmentation, and phishing-resistant multifactor authentication (MFA), as well as around procurement and use of government contractors.

Elsewhere, it calls on the government to accelerate research at the intersection of artificial intelligence (AI) and security, and post-quantum encryption.

Finally, the EO sets out additional steps to combat cyber threats, providing that any property or interests in property in the US are blocked and may not be transferred or paid to any individuals determined by the US government to be complicit or to have engaged in malicious cyber activities.

Illumio public sector chief technology officer Gary Barlet, who previously held US government CIO posts at multiple organisations, said: "Biden's executive order introduces several promising proposals that could significantly enhance the nation's cyber security posture, including stricter software requirements, guidance on leveraging artificial intelligence for cyber defenses, and the adoption of endpoint detection and response tools.

"It's encouraging to see a focus on addressing critical issues that align with the pressing need to counter nation-state threat actors, and I'm particularly encouraged by the emphasis on collaboration, which will be essential to the success of these measures."

However, with Biden's time in the White House now measured in hours, Barlet said that the success of the EO would depend on policy priorities set forth by the incoming Republican administration.

"The next administration has an opportunity to bring renewed focus and energy to government technology. By building on the existing foundations and progress, we could see meaningful progress in federal cyber security posture and collaboration efforts that lead to impactful results," he said.

Echoing his actions in the wake of his 2016 victory, Trump is expected to sign a pile of new EOs after taking office on 20 January, many of them likely to focus on issues such as immigration that activated his voter base in November.

Whether or not Trump will take any immediate action on cyber security remains to be seen, and speaking to journalists before Biden signed the order, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said Biden's team had not discussed the content of the EO with Trump's transition team in advance, but that they were open to such discussions once Trump's team is in place.

According to reports, Trump is close to picking cyber veteran Sean Plankey to run CISA, replacing the outgoing Jen Easterly.

Plankey, who currently works with post-quantum encryption firm Indigo Vault, among other things, served in security roles at the Department of Energy (DoE) and was director for cyber policy on the National Security Council during Trump's first term. He has also worked in security roles in America's armed forces, including naval intelligence and the Coast Guard.

Neuberger said she hoped that the broad brush aims of the EO were bipartisan enough that they should be taken forward by the next president.
-
Fujitsu staff at HMRC to strike for two days over pay
www.computerweekly.com

Fujitsu staff working at HM Revenue & Customs (HMRC) will walk out for two days this month after union members voted for industrial action in a pay dispute.

Staff directly employed by HMRC, but doing similar jobs to Fujitsu colleagues working alongside them as part of an outsourcing deal, received a much larger pay rise, according to the union representing the Fujitsu employees.

Over 300 workers at the government department will walk out over two days in strike action over pay, after Public and Commercial Services (PCS) union members voted to strike.

Fujitsu has faced heavy criticism as a result of its involvement in the Post Office Horizon scandal and there have been calls for it to be replaced on government contracts, so for many critics the dispute will be seen as another damaging indictment of the Japanese IT giant's UK business.

The strike at HMRC coincides with the 31 January deadline for online self-assessment tax returns, but HMRC said this will have no impact on people submitting returns because Fujitsu workers are striking and not HMRC staff.

The Fujitsu workers, based in Telford and other offices across the UK, will strike on 30 and 31 January after being offered a pay rise of just 1.5%, according to the PCS, which added that their in-house colleagues received 5% for doing similar jobs.

PCS general secretary Fran Heathcote said: "There is no excuse for workers employed by Fujitsu being offered less than those employed directly by HMRC. If the government was serious about its pre-election pledge to bring in the biggest wave of insourcing in a generation, now is the chance to end the scandal of a two-tier workforce."

Heathcote added: "It's not too late for ministers to step in, resolve the pay issue and prevent strike action likely to play havoc with people's tax returns."

An HMRC spokesperson said: "We have robust plans in place to ensure we continue delivering critical services for our customers during any industrial action."

Fujitsu had not responded to Computer Weekly's questions when this article was published.

Fujitsu staff at HMRC also took industrial action in January last year when rejecting a 3-4% pay rise from Fujitsu after learning that employees working for the company in Japan were being offered salary increases of up to 29%.

Fujitsu is already under extreme scrutiny in the UK since the Post Office scandal reached the public conscience as a result of the ITV drama Mr Bates vs the Post Office, broadcast at the start of 2024. Its sales to the public sector have fallen dramatically since the supplier agreed with the government to cease bidding for new public contracts until the statutory inquiry into the scandal completed its work.

As revealed by Computer Weekly, prior to the festive period Fujitsu's UK staff were sent a memo instructing them on aggressive cuts to spending on travel, recruitment, social and external organisations.

In its latest financial statement for the 12 months to March 2024, the company reported a loss of just over 170m, compared with a loss of 99m in the previous 12 months.

Fujitsu told its UK staff, in September last year, there would be no UK-wide pay rise this year as it prioritised a limited budget, fueling anger among a workforce with low morale.
-
DDN seeks AI leadership as it bags $300m investment
www.computerweekly.com

DDN, which made its name in high-performance computing (HPC), has gained investment of $300m from US fund Blackstone, which it says will be used to translate leadership in supercomputing to storage solutions for artificial intelligence (AI).

While arrays aimed at the two workloads are similar in being able to keep up with extremely high-performance processing, there are differences. HPC workloads involve reading a relatively small number of mathematical formulations to produce enormous amounts of simulation data.

In AI, it's the opposite. A massive amount of data is read to produce a relatively small model during training or to generate a response to an application or human prompt during inference.

DDN sells its EXAscaler arrays into the HPC market. They use the Lustre parallel file system, which is open source and was first launched around two decades ago. An EXAscaler array comprises a number of disk drives in which one acts as an index to the contents of the others. Compute nodes interrogate that node to find out which of the others to read and write blocks of data to, then communicate directly with that node.

To function, the compute nodes must run a Lustre client and have a direct network connection with all storage nodes. That usually means an Infiniband connection, with no packet loss and the ability for the controller to directly copy data in random access memory (RAM) or in non-volatile memory express (NVMe) storage on the host machine.

DDN has put this functionality in its AI400X2 arrays, which are aimed at AI workloads. They use the same 2U nodes as in EXAscaler, but use Nvidia Ethernet SpectrumX controller cards. These use a BlueField DPU from Nvidia and bring the same benefits to Ethernet networks as found in Infiniband. Their use of RDMA over Converged Ethernet (RoCE) also means no packet loss with writes of data in Nvidia graphics processing unit (GPU) memory directly (using GPUdirect).

The AI400X2 is primarily intended to communicate as quickly as possible with the GPUs during training workloads. But they're potentially a very expensive option for storing enormous quantities of data that an enterprise might want to store from models that have already been trained.

For this, DDN has had its Infinia arrays since 2023. These provide S3 object storage with the ability to add drives non-disruptively.

DDN has offloaded S3 storage functions to containers, such as the metadata server, the storage server, and so on. This means DDN can reproduce in Infinia functionality similar to Lustre when specific S3 containers are deployed on the compute nodes. Infinia arrays can also be equipped with SpectrumX cards to maximise transfer speeds.

DDN claims to know better than anyone how intensive storage works. When GPUs write data in parallel and then read data rapidly thereafter, problems of incoherence can arise. Checkpointing regulates this, but it's a resource-hungry operation during processing and doesn't produce useful data. DDN says it can avoid such delays by carefully managing data flows and use of caching.

DDN already has skin in the AI game, and among its customers is Elon Musk's xAI, which has deployed a supercomputer called Colossus with 100,000 H100 GPUs. So, the purpose of the new $300m is not altogether clear.

Blackstone is likely positioning itself in a number of AI-focused enterprises, and now has a member on the DDN board. Last year, the fund offered financial support to CoreWeave, a supplier of AI-focused infrastructure as-a-service.

DDN promises a significant announcement on 20 February, which it has prefaced with the slogan: "We're making AI real."
-
Almost half of UK banks set to miss DORA deadline
www.computerweekly.com

Although they have had two years to prepare for the incoming legislation, a study has today revealed that a significant minority of UK financial services organisations are set to miss the 17 January 2025 deadline to comply with the European Union's (EU's) Digital Operational Resilience Act (DORA).

According to the Censuswide survey commissioned by Orange Cyberdefense, 43% of British financial services organisations say they are still exploring DORA and will not be compliant for another three months at least, putting them at significant risk of regulatory fines.

The 200 UK chief information security officers and cyber decision-makers polled on Orange's behalf overwhelmingly believed DORA would be beneficial and would significantly enhance overall resilience across the EU and its wider ecosystem.

Yet barriers to compliance persist, with respondents to the survey describing a plethora of issues, most of them relating to their own organisation rather than the DORA legislation. Orange found these issues include a lack of prioritisation in the wider organisation (28%), a short timeline to becoming compliant (25%), a lack of specific skills and knowledge (24%), and a lack of visibility into supply chains and third-party partners (23%). To overcome these, 97% said they were considering enlisting external support.

Some 84% said they had been given enough or more than enough budget to become compliant, and a parallel study from Rubrik Zero Labs today reported that about 47% of UK financial services organisations had spent over 1m (842,000) on compliance measures.

"The regulatory landscape in the EU is heavily congested, with several overlapping standards and laws now in effect. There is a lot to navigate, and we're increasingly seeing businesses taking a more reactive approach to compliance requirements once the threat of reprisals becomes tangible," said Richard Lindsay, principal advisory consultant at Orange Cyberdefense.

However, remaining non-compliant could have severe ramifications, with fines of up to 2% of global annual turnover and the potential of fines of over 1m for individual senior leadership.

"The threat landscape has never been more volatile. The financial services industry is an attractive target for bad actors, and the likelihood of breach has never been higher. By implementing the required changes, businesses can avoid unwelcome fines and negative publicity and, most importantly, build resilience against digital threats," Lindsay added.

"DORA doesn't mandate anything by way of revolutionary requirements. Most can be addressed by investing in comprehensive cyber risk assessments, integrated incident reporting, cyber resilience testing and cross-framework governance. But, as is always the case in cyber security, the clock is ticking."

Orange additionally noted that given the formal introduction of DORA comes just three months after the EU stood up the Network and Information Systems Directive 2 (NIS2) in October 2024, the need to address broader cyber compliance demands and overlapping requirements in both sets of regulations may explain why the majority of respondents are feeling positive about DORA, despite anticipating delays in achieving compliance.

At its core, DORA aims to strengthen cyber security at financial services organisations and improve sector resilience across Europe. It harmonises operational resilience rules that apply to 20 different types of financial entities, such as banks, insurance companies and third-party tech suppliers.

According to Brussels, regulation such as DORA has become necessary because the financial services industry's dependence on IT and the tech ecosystem makes it acutely vulnerable to cyber disruption, and if not managed properly this can spill over into the wider economy.

DORA governs a number of areas, such as IT risk management frameworks, third-party risk monitoring and oversight of suppliers, operational resilience testing, cyber incident reporting, and information and intelligence sharing.

Sonatype's vice-president of solution architecture, Mitun Zavery, said: "If GDPR taught us anything, it was that last-minute compliance efforts lead to headaches and half-measures. Like many EU laws, UK companies may be pulled into scope as the act extends beyond European financial institutions and deep into their software supply chains.

"This is a big problem for UK businesses whose European customers fall under the regulation's purview. The stern financial penalties for non-compliance are enough motivation for EU financial institutions to tell partners, 'If you aren't compliant, we need someone who is.'"

He added: "Rather than a burden, UK organisations should see DORA as an opportunity to streamline systems and processes by leveraging automation, reinforcing their software supply chains, and adopting a proactive approach to risk mitigation and vulnerability management. If DORA becomes like GDPR, then prioritising compliance now will open doors as forms of this standard are adopted in the UK."
-
NAO calls for cross-government revamp of IT procurement to improve big tech project outcomes
www.computerweekly.com

The National Audit Office (NAO) has issued a series of recommendations to address deficiencies it has identified in how the centre of government procures services from the big tech providers.

In its 55-page report, the public sector spending watchdog said the government stands to save significant amounts of time and money by improving how it engages with big technology suppliers, which are in some cases "bigger than governments themselves".

Doing so will require the centre of government to learn from past mistakes made with large-scale digital transformation projects, which have experienced decades of poor progress and billions of pounds in cost increases.

In broad terms, the NAO is calling for the creation of a cross-government sourcing strategy where the commercial functions tasked with overseeing procurement work with organisations that have a role to play in setting the course of the government's digital strategy.

"The Government Commercial Function [GCF] is a cross-government network of around 6,000 civil servants who support the procurement of goods and services for government [and is] responsible for government's overall commercial performance and provides strategic direction, guidance and develops capability," the report stated.

The Central Digital and Data Office (CDDO) is government's centre of expertise in digital and data but has no formal responsibility for digital procurement.

Out of the 6,000 people working within GCF, 15 are responsible for managing the relationships between the government and its largest tech suppliers, the report added.

The Labour government has undertaken something of a digital reshuffle, having decreed that the Department for Science, Innovation and Technology should assume responsibility for running the Government Digital Service (GDS) and the CDDO since coming to power in July 2024.

As detailed in the NAO's report, the CDDO has previously flagged digital procurement as an area of improvement for the wider government, but the organisation has lacked the in-house expertise needed to make headway with the substantive challenges in this area.

To accelerate progress in this area, the NAO said the centre of government needs to be subject to a system reform to pave the way for a more strategic approach to digital procurement to be adopted across government.

The report does acknowledge that the CDDO and GCF have previously collaborated on the creation of a digital playbook, in March 2022, to provide buying advice and support to departments on how to approach technology procurements, but its contents remain a work in progress. "The digital playbook would benefit from greater departmental and external input on the more complex issues," it said.

The report also said departments are struggling to deliver on their digital transformation goals because issues at the centre of government are having a trickle-down effect on them.

"The centre of government sets the overall direction, culture and conditions, but individual departments award contracts to suppliers and subsequently manage them," the report stated. "[But] it is at this departmental level where problems, arising from the overall commercial and contracting environment and processes, are most likely to manifest themselves."

It continued: "There is no single area focused on highlighting and addressing how departments can improve the use of suppliers in digital transformation projects."

To remedy this, the NAO said departments need to work more closely with procurement specialists so they can refine their digital procurement requirements before cracking on with tender processes. "This would [also] help the centre of government build a more strategic approach to suppliers," it added.

Gareth Davies, head of the NAO, said the government's decision to revamp how its central digital functions are organised presents an opportunity for the issues flagged in the NAO report to be rectified.

"A lack of digital and procurement capability within government has led to wasted expenditure and lack of progress on major digital transformation programmes," said Davies.

"Government needs to rethink how it procures digitally, including how to deal with big tech and global cloud providers that are bigger than governments themselves."

He added: "The creation of the new digital centre of government provides an opportunity to make the systemic changes that are needed."
-
Bank of England and New York counterpart exchange puts technology cooperation into 3D
www.computerweekly.com

A staff exchange between regulators will see US and UK financial technology experts cross the Atlantic

By Karl Flinders, Chief reporter and senior editor EMEA
Published: 16 Jan 2025 11:15

Financial services regulators in the UK and New York are to share staff through a secondment programme that kicks off next month.

The New York Department of Financial Services and the Bank of England plan to share insights, knowledge and experience of emerging financial services and technologies.

The Transatlantic Regulatory Exchange programme, as it is known, will start with the exchange of experts in emerging payment platforms and digital assets.

Secondments will be for a minimum of six months, but could be extended to up to one year.

The New York regulator's superintendent, Adrienne Harris, said: "Connecting the two global financial capitals of New York and London is critical for regulatory harmonisation in a world where financial services are not defined by geography."

Those taking part are expected to return to their home regulator where they can bring their enhanced insights, knowledge and experience to work on regulation of emerging financial services and technologies, according to the New York Department of Financial Services.

The programme will take the organisations beyond just sharing notes, according to Jean-Louis Bravard, a former managing director and interim CIO at JP Morgan.

"I think it's a great idea because it's basically a 3D view instead of a 2D approach to sharing notes on problems," he told Computer Weekly. "In terms of method, I think the two regulators are quite different, while in terms of tools, I don't think so."

Bravard, who also spent time in the IT outsourcing sector, added that the exchange of knowledge and skills will help the organisations fill gaps without having to outsource. He said the people working at both organisations are highly trustworthy so it is a safe way of accessing different skills.

Cross-border cooperation by regulators will also contribute to the global market. Sarah Breeden, deputy governor for financial stability at the Bank of England, said: "By sharing our knowledge and learning from one another, we can better ensure that regulation supports global financial stability and safe innovation in payments and financial markets."

Chris Skinner, CEO of The Finanser and industry commentator, called it a win-win for both organisations.

"This is an interesting development as the USA and UK see themselves as leaders in developing and regulating financial technology startups and markets," he said. "The USA can bring insights into how the big tech firms think and their position on digital assets. The UK can bring access to the world's leading fintech centre with the most advanced startup community."

In consideration of the first planned exchange, which is around emerging payments and digital assets, David Bannister, analyst at capital markets-focused consultancy GreySpark Partners, said the US could learn a lot from the UK in terms of payment platforms.

"The US payment system is still stuck in the past and it's only in the last few years that the split between electronic payments and cheques was finally in favour of electronic payments."

He added that in terms of digital assets, an emerging field of expertise, international cooperation is vital.

The cooperation will inevitably expand into other areas of finance where advanced technologies are used. With the rapid rise in the use of artificial intelligence (AI) in the banking sector and the continued threat from cyber criminals, keeping up with technology is a constant challenge for regulators.

One senior IT executive in the UK banking sector told Computer Weekly that AI is likely to cause the next big banking scandal. "Subprime mortgages, PPI, all these scandals have happened because the banks push something too far, then it blows up," he said. "Then they have to reverse out and pay. That's the lifecycle of how the banks operate and AI will be the next."
-
L'Oréal: Making AI worth it
www.computerweekly.com

No stranger to advanced technologies, the cosmetics firm is partnering with IBM on GenAI capabilities to support its sustainability goals

By Cliff Saran, Managing Editor
Published: 16 Jan 2025 11:57

Cosmetics and beauty company L'Oréal has expanded its long-term partnership with IBM to uncover new insights in cosmetic formulation data through generative artificial intelligence (GenAI) technology.

The company hopes to use GenAI to support its plans to use sustainable raw materials for energy and material waste reductions. The use of GenAI aligns with its L'Oréal for the Future sustainability programme's target of sourcing most of its product formulas from bio-sourced materials and the circular economy by 2030.

The cosmetics and beauty company has been working with IBM for a few years, as part of a digital transformation journey to Industry 4.0 where IBM's Watson internet of things (IoT) platform supports decision-making. The company has used a range of technologies from IBM to deliver IoT, augmented and virtual reality, and AI, which form the basis of the smarter factory at L'Oréal.

In 2018, the company acquired ModiFace, which provides augmented reality and artificial intelligence for the beauty industry. The AI-powered technology has been used to enable Amazon customers to use the front-facing camera on their mobile phone to digitally try different shades of lipstick in a live video of themselves or on a selfie.

This latest application of AI with IBM has the potential to augment L'Oréal's creativity in finding new cosmetic formulations to transform the beauty industry. The AI model is being developed using a large number of formulations and component data points to accelerate multiple tasks to be performed by L'Oréal, including the formulation of new products, reformulation of existing cosmetics and optimisation for scale-up production, to support L'Oréal's 4,000 researchers worldwide in the coming years.

IBM Consulting's work also involves helping L'Oréal rethink and redesign the formulation discovery process. According to IBM, understanding the behaviour of renewable ingredients in cosmetic formulas will help L'Oréal build out more sustainable product lines with greater inclusivity and personalisation for consumers around the world.

Matthieu Cassier, chief transformation and digital officer for L'Oréal research and innovation, said: "Building on years of unique beauty science expertise and of data structuring, this major alliance with IBM is opening a new, exciting era for our innovation and development process."

IBM described the work as augmented research, where highly specialised expertise in artificial intelligence and cosmetics are used to revolutionise cosmetic formulation.

"It embodies the spirit of AI-augmented research, emphasising sustainability and diversity," said Guilhaume Leroy-Méline, IBM distinguished engineer in business transformation services at IBM Consulting France.
-
Diversity in tech 2024: Collaboration is vital for DEI progress
www.computerweekly.com

The age of artificial intelligence (AI) is changing the IT landscape, but with an ongoing diversity crisis in the tech sector, it remains to be seen whether the rapid development of these technologies will ultimately help or hinder our lives.

Speaking at the annual Computer Weekly and Harvey Nash diversity in tech event, Bev White, CEO of Harvey Nash parent company Nash Squared, highlighted the importance of actively creating opportunities for underrepresented groups to join the technology sector if we want to make the industry a more diverse place.

Lamenting how slowly the dial is shifting when it comes to diversity in technology, White urged those in the sector to be proactive in ensuring the tech workforce reflects tech users.

"It's on us, all of us, not just the HR community, not just the CIOs, the CDOs and the CEOs, to make a change. It's on all of us," she said.

"Every time we think about hiring, or promoting, or encouraging someone to step up and represent a department, we need to think about how we're doing that and give somebody an opportunity to stand up and shine. We have to do that every single day, in everything we do, or nothing will change."

With the rapid development of tech such as artificial intelligence (AI), generative AI (GenAI) and machine learning, this sentiment has never been more important.

A report from Nash Squared found that 75% of workers are already using GenAI in their work. As this figure increases, it will become ever-more important to make sure the people developing these technologies reflect the people using them.

As White pointed out, if the teams developing these tools don't fully represent those using them, how do we ensure they serve their purpose?

But rather than ramp up the push for diversity, companies are dialling back their diversity, equity and inclusion (DEI) initiatives as they face budget cuts and fears of backlash for taking the wrong approach.

This paints a bleak picture for the future of AI development, where unbalanced teams and a lack of consideration for users have already caused problems.

While AI adoption is increasing rapidly, the development of AI technology is nothing new.

Maria Axente, head of AI public policy and ethics at PwC, said technology development has often hinged on "because we can" without considering the impact on the users and who needs to be involved in the conversation about design.

Her role as a tech ethicist has her considering exactly these issues: what purpose technology will serve, who the technology is for, and who should be involved in building it.

She explained: "AI ethics is a discipline concerned with creating a vision of a good life with AI, whatever a good life with AI means."

Alongside a history of technology being developed with bias, from seatbelts to period trackers, Axente highlighted the women who are fighting to make technologies such as AI ethical, useful and fair.

It can take a lot of time, effort and evidence to convince some of those developing technologies that what they are creating will have a direct impact on people's lives, and that in some cases this impact will be negative without having the right best practice in place.

Axente said: "We've learned gradually that tech is tangibly harming people."

There are a number of ways the development of AI and machine learning has been biased against women and other underrepresented groups. Beckie Taylor, co-founder of Tech Returners, gave an example of a notable tech company that implemented an AI machine learning model for screening job applicants. Taylor explained how the predominantly male software team that built it led to the software having a bias against female applicants.

"Though this problem was identified and amended quickly, this goes to show the importance of a human in that process," Taylor said.

"Even though it's called AI, it's made by people, it's built by people, it's deployed by people, so it matters who those people are, and whether they're bringing a wide range of experience and perspectives to their work."

There have been other instances where AI has been trained with datasets or developed by non-diverse teams, which makes bias more likely, such as image-based diagnosis being more accurate for white patients and Apple Card allegedly offering men higher credit limits than women.

AI ethicist Axente said: "We owe it to a lot of great women who have been raising their voices, despite the backlash they have received. They help us understand better how this tech perpetuates these existing harms."

Some of these women have been bullied, fired and ignored during their quest to make sure the development of AI will benefit the majority rather than the few, according to Axente, who said we're now in a better position to begin changing the mindset around technology development and adoption away from building it for the sake of it and towards building it purposefully.

An obvious way to ensure algorithms are representative of the wider population is to attract and retain more tech talent from underrepresented groups, but also to make sure those shaping the future of humanity with AI reflect the greater population of users who will eventually be forced to integrate AI into their everyday lives; person-centric AI should be the focus of the future.

Axente said: "If we want to make AI work for us as individuals and as a collective, collaboration not competition is the way forward."

While there are around 5% more women using AI technology than there were 10 years ago, there are 10% fewer women working in technology than there were in 1984, according to Jasmin Guthmann, co-vice-president of the MACH Alliance.

This imbalance between the number of women using AI and the number of women developing AI is contributing towards AI bias and tech that isn't suitable for all of its users, so much so that the government outlined plans in its recent AI opportunities action plan to increase the diversity of the AI and data science talent pool in the UK.

But Guthmann said women are currently trying to solve it all by themselves, and that isn't going to cut it.

The diversity of the tech workforce has been stagnant for some time. The 2024 Diversity report from BCS, The Chartered Institute for IT, stated that if current trends continue, it will take another 283 years for the percentage of women working in the UK's tech sector to match the 48% of women there are in the wider workforce.

But as Guthmann pointed out: "If I try to change it by myself, I'm not going to get anywhere."

Shifting the dial at a more reasonable pace will take a collective effort, which Guthmann claimed is one of the reasons she didn't want the MACH offshoot, Women in MACH, to be exclusively about or for women. "There needed to be men in the room," she said. "We need all of you fantastic allies in the room to help us make it a bigger conversation and to have that conversation on our behalf when we're not in the room."

And there are a lot of instances where women and other underrepresented groups aren't in the room: only 13% of IT directors in the UK are from black, Asian and minority ethnic (BAME) backgrounds, and women made up only a quarter of CIO positions in FTSE 100 companies in 2023.

"All of us need to be involved in any way we can, especially because underrepresented minorities and women are more often than others hesitant to put themselves forward for tech roles and opportunities," said Guthmann.

She made some recommendations for underrepresented individuals and allies to push for small changes that when put together will make a big change. These include putting people forward for opportunities, calling out when there are male-only panels at events, making sure the opinion of quieter people is heard, and inviting male allies to women in tech events.

"Your objective from this day is to be that voice that says 'is there a better way of doing this'," she said. "People will only do better if we all hold them accountable. How do we redefine the future of tech? Innovation doesn't happen in silence, it happens when we break boundaries together, so go do one small thing today to make the world a better place tomorrow."

Collaboration can be a powerful tool when used in the right way.

When the government announced plans early last year to raise the income threshold for potential angel investors, Emma Wright, a partner at law firm Harbottle & Lewis, mobilised a large group of women in tech to get the law reversed.

HM Treasury planned to change the criteria for what defines a high net worth individual, meaning a person would either need an income of at least 170,000 in the previous financial year or net assets of at least 430,000 to invest.

With the new law removing 70% of the women able to provide angel investment, the change threatened the number of businesses led by women in the UK.

"Female founders generate more revenue than their male counterparts," Wright explained. "Just 1.7% of venture capital funding goes to female funders, and women back other women more than double than men back women."

Wright's background is well suited for a challenge such as this. Having previously headed up government and public sector as a partner at Deloitte Legal, she understands how government works, and as well as her role as a tech and data lawyer, she was one of the founders of the Interparliamentary Forum for Emerging Tech (formerly the Institute of AI).

Wright launched the investHER campaign, releasing an open letter that called on the government to make a decision by the then-upcoming budget. Many of the women who signed the open letter were from Computer Weekly's list of the Most Influential Women in UK Tech.

As pointed out by Wright, any technology that isn't built with everyone in mind acts as a barrier and doesn't enable. This is a dangerous precedent to set when it comes to technology such as AI, which looks to be a very large part of everyone's future.

While this particular inequity was swerved, the efforts of investHER still only managed to get the problematic law reversed, not increase the potential number of female investors and backers for startups led by women.

Wright said: "Unless we've got everyone developing the tech solutions, we cannot compete on a global stage, and we will not have inclusive AI."

A clear example of how technology adoption can have a negative impact if no one considers the end user is the Post Office scandal.

Former subpostmaster Jo Hamilton told the Computer Weekly diversity event she didn't have any problems running her Post Office branch until the Horizon system was introduced.

Because she didn't know anything about computers, when errors in her end-of-day accounting occurred on the system she thought she was the one making mistakes, resulting in the Post Office claiming she owed them more and more money due to allegedly unbalanced books, despite the computer being at fault.

The same happened to hundreds of other subpostmasters across the UK. The system came with no training, no support.

"Think of us first, think of people who know nothing about tech and using it. We were just little shopkeepers," Hamilton said.

She urged those developing technology to consider "the people who are going to use [tech] who are not technologically skilled".

Incidents like this, and those mentioned previously, will happen more and more if care isn't taken to ensure AI and other technologies are developed with ethical use cases by diverse teams.

But this, in turn, can only be ensured by working together, from educators to governments, organisations to individuals.

Without everyone involved in the shaping of our future in partnership with AI, not everyone will see the benefit.
-
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilitieswww.computerweekly.comMicrosoft kicked off 2025 with a bang on the second Tuesday of January, dropping a massive Patch Tuesday update containing fixes for 159 vulnerabilities rising to 161 incorporating two additional vulnerabilities through CERT CC and GitHub.According to Dustin Childs of the Zero Day Initiative, this may be the largest number of CVEs addressed in a month since 2017 indeed, it is more than treble the number (49) fixed this time last year and follows another unusually heavy December update.[This] could be an ominous sign for patch levels in 2025, wrote Childs in his regular round-up blog. It will be interesting to see how this year shapes up.Tyler Reguly, Fortra associate director of security research and development, agreed: This is definitely one of those months where admins need to step back, take a deep breath and determine their plan of attack.While a large number of these vulnerabilities will be resolved by the Windows cumulative update, there is a plethora of other software impacted including a number of Office products Word, Excel, Access, Outlook, Visio, and SharePoint as well as other Microsoft products like .NET, .NET Framework and Visual Studio.Months like these are a great [reminder] that admins need to trust their vendors and their tooling, said Reguly. Fixing 161 vulnerabilities cannot be a fully manual process, especially since we know that more than just Microsoftpatches are dropping today. 
Adobe, as an example, as dropped updates for Photoshop, Substance3D Stager, Illustrator for iPad, Animate and Adobe Substance3D Designer.Patching vulnerabilities should not be a solo endeavour in the enterprise and, if it is, it may be time to talk to your leadership about staffing and tooling changes.Among the bumper crop of vulnerabilities are no less than eight zero-days, three that are known to have been exploited in the wild, and 11 critical flaws.This months zero-days are as follows:CVE-2025-21333, an elevation of privilege (EoP) vuln in Windows Hyper-V NT Kernel VSP;CVE-2025-21334, a second EoP vulnerability in the same service;CVE-2025-21335, a third EoP vulnerability in the same service.These flaws in Windows Hyper-V NT Kernel VSP are known to have been exploited in the wild, but these exploits have not yet been made public, while for the remaining five, the opposite is true. These are:CVE-2025-21186, a remote code execution (RCE) flaw in Microsoft Access;CVE-2025-21275, an EoP flaw in Windows App Package Installer;CVE-2025-21308, a spoofing flaw in Windows Themes;CVE-2025-21366, a second RCE flaw in Microsoft Access;CVE-2025-21395, a third RCE flaw in Microsoft Access.Saaed Abbasi, vulnerability manager at the Qualys Threat Research Unit, said timely patching of the Hyper-V issues was critical since they are under active attack.They allow an authenticated user to elevate privileges to SYSTEM and let them take complete control of the affected environment, said Abbasi.Usually, moving from guest to host/hypervisor indicates a CVSS [Common Vulnerability Scoring System] scope change, but Microsofts current disclosure has not explicitly confirmed this, suggesting further details are needed; this could jeopardise the entire host infrastructure, not just the individual VM [virtual machine].A threat actor able to achieve SYSTEM-level privileges is a grave concern to defenders, because it opens the door to other actions such as disabling on-board security tooling, 
or credential dumping to pivot across domains within the target environment. Such techniques are frequently used by both financially motivated cyber criminal gangs and nation-state backed espionage operators.

Meanwhile, Adam Barnett, lead software engineer at Rapid7, ran the rule over the three similar RCE issues in Microsoft Access.

Barnett detailed how successful exploitation, should it occur, would require a user to be fooled into downloading and opening a malicious file, leading to code execution via a heap-based buffer overflow.

"Curiously, in each case, one portion of the advisory FAQ describes the update protection as blocking potentially malicious extensions from being sent in an email, but the remainder of the advisory doesn't clarify how this would prevent malicious activity," said Barnett.

"Typically, patches provide protection by blocking malicious files upon receipt of a malicious email attachment, rather than preventing a malicious attachment from being sent in the first place, since an attacker is free to send whatever they like from any system they control.

"At any rate, the FAQ does mention that users who would otherwise have interacted with a malicious attachment will instead receive a notification that there was an attachment but it cannot be accessed, which is perhaps the best play on words we've seen from MSRC in a while," he said.

On the spoofing flaw in Windows Themes, Barnett said many admins and users may not think about this feature, which enables users to personalise their desktops with background images, screensavers and so on, very often, if at all, but it was still essential to pay close attention to all aspects of the Windows estate.

"Successful exploitation leads to improper disclosure of an NTLM hash, which allows an attacker to impersonate the user from whom it was acquired," he said.

"The advisory FAQ dances around the exploitation methodology without explaining; what we learn is that once an attacker had somehow delivered a malicious file to the target system, a user would need to manipulate the malicious file, but not necessarily click or open it.

"Without further detail, we can only speculate, but it's plausible that simply opening a folder containing the file in Windows Explorer, including the Downloads folder, or inserting a USB drive, would be enough to trigger the vulnerability and see your NTLM hash leak silently for collection by the threat actor."

Read more about Patch Tuesday

December 2024: Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol.
November 2024: High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November's Patch Tuesday update.
October 2024: Stand-out vulnerabilities in Microsoft's latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform.
September 2024: Four critical remote code execution bugs in Windows and three critical elevated privileges vulnerabilities will keep admins busy.
August 2024: Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update.
July 2024: Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention.
June 2024: An RCE vulnerability in a Microsoft messaging feature and a third-party flaw in a DNS authentication protocol are the most pressing issues to address in Microsoft's latest Patch Tuesday update.
May 2024: A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention.
April 2024: Support for the Windows Server 2008 OS ended in 2020, but four years on and there's a live exploit of a security flaw that impacts all Windows users.
March 2024: Two critical vulnerabilities in Windows Hyper-V stand out on an otherwise unremarkable Patch Tuesday.
February 2024: Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among more than 70 issues.
-
Larger businesses spend, spend, spend on AI
www.computerweekly.com
Companies earning over $500m are spending 5% of their revenue on artificial intelligence initiatives
By Cliff Saran, Managing Editor
Published: 15 Jan 2025 14:45

One in three companies across all markets are planning to spend $25m or more on artificial intelligence (AI) in 2025, a study from Boston Consulting Group (BCG) has reported.

The survey shows that larger businesses with revenues greater than $500m are making significant investments in AI, but there are big differences between those able to drive significant value from these initiatives and those merely following the AI trend.

The BCG AI radar, based on a survey of 1,803 senior executives across 19 markets and 12 sectors, reported that AI is a top-three strategic priority for 75% of companies.

However, just a quarter (25%) say they are actually seeing significant value from their AI investment. From a BCG perspective, the way leading businesses are able to achieve AI success involves deploying individual productivity-focused AI initiatives; reshaping critical functions to boost efficiency and effectiveness; and inventing new products and services to build long-term competitive advantage.

The study found that leading firms focus over 80% of their AI investments on reshaping critical functions and inventing new products and services. Those organisations not identified as leaders tend to focus 56% of their AI investments on smaller-scale, productivity-focused initiatives, BCG reported.

It found that AI leaders also set clear goals and track top- and bottom-line impact. In fact, BCG reported that leading companies are able to extract greater value by focusing their AI investments.

However, most companies go broad and dilute efforts across multiple pilots, seeing lower return on investment (ROI) as a result.
Almost a third (31%) admit they are not measuring any key performance indicators (KPIs), whether financial or operational, relating to their AI initiatives, while 60% of companies surveyed are failing to define and monitor any financial KPIs related to AI value creation.

Read more stories on AI costs

How to stop AI costs from soaring: Generative AI promises to improve business efficiency, but Gartner has found many projects are failing to get beyond pilot roll-outs.
Enterprises shift to on-premises AI to control costs: In 2025, many companies will shift to on-premises AI to cut cloud costs that can easily reach $1 million a month for large enterprises.

According to BCG, leading companies focus on depth over breadth, prioritising an average of 3.5 use cases, compared with 6.1 use cases for other companies. These companies anticipate generating 2.1 times greater ROI on their AI initiatives than their peers.

"In my discussions with CEOs, it's clear they are prioritising AI to drive productivity," said Christoph Schweizer, CEO of BCG. "Our latest survey uncovers a crucial challenge: while 75% of executives rank AI as a top-three strategic priority, only a quarter report meaningful value from their AI initiatives.

"Leading AI adopters have cracked the code on how to achieve impact by focusing on a targeted set of AI initiatives, scaling them rapidly, transforming core processes, upskilling their teams, and systematically measuring operational and financial returns. Many companies have an immense opportunity to close the gap between their ambitions and reality."

In the UK, of the 182 companies with revenue greater than $500m that took part in the survey, almost two-thirds (65%) expect to spend $25m or more on AI initiatives in 2025.

Given industry estimates that between 3% and 5% of revenue tends to be allocated to IT expenditure, the BCG figures for the UK show that business leaders plan to spend 5% of their revenue on AI initiatives in 2025.
This suggests that AI costs are not necessarily covered by the company's existing IT budget, which is mainly spent on keeping-the-lights-on activities such as cyber security and maintaining existing IT systems.
-
Cyber security dovetails with AI to lead 2025 corporate IT investment
www.computerweekly.com
Cyber security and GenAI top enterprise IT investment plans for 2025, whether singly or together, according to research from Enterprise Strategy Group
By Brian McKenna, Enterprise Applications Editor
Published: 15 Jan 2025 15:26

Cyber security, whether singly or in tandem with generative artificial intelligence (GenAI), dominates enterprise IT investment plans in 2025, according to Informa TechTarget's Enterprise Strategy Group's annual spending intentions research.

The research, based on responses from 1,351 IT and business professionals worldwide, found that cyber security outpaces all other categories of initiative, with a dramatic expansion of AI and analytics also climbing in importance. The majority of the organisations surveyed, 28% of which came from the EMEA region, expect to maintain or increase their spending across all major technology categories in 2025, with cyber security most likely to see spending increases, followed by customer experience and application development.

Around three-quarters of respondents in EMEA and North America said they would increase IT investment overall in 2025 compared with 2024. The research was carried out in the third quarter, which is when many organisations are working on their investment plans for the next year.

Generative AI vied with cyber security as an area for investment, with security being an area to which GenAI is being applied more and more. Data management emerged as a related area, for which GenAI leads the investment pack.

In terms of business initiatives, cyber security (49% overall) was well ahead of efforts to reduce costs (36%), improve data analytics and business intelligence (35%), and increase automation of business workflows (35%).
Cyber security was top in EMEA (44%) and North America (51%), which might indicate the direction of travel for EMEA. Again under the heading of business initiatives, improving operational resilience against cyber attacks stood at 29% for North America and an almost identical 28% in EMEA.

Among the most important IT initiatives for the year, strengthening cyber security tools and processes outdistanced all others by a wide margin at 27% overall (25% for EMEA, 30% for North America), followed by the use of AI and machine learning (16%), and using data analytics for real-time business intelligence and customer insight (14%).

Within cyber security, the survey revealed that zero-trust network access (ZTNA) tops organisations' plans for most significant cloud security investments in 2025. Firewalls (including next-generation firewalls) are the top target for network security investments, while multifactor authentication is the top identity-related security technology.

In terms of cloud investment planning, respondents identified ZTNA as one of their most significant planned cloud security investments in 2025 (48% versus 41% in 2024). This was followed by cloud data security and data loss prevention (38%), and application programming interface (API) security (37%).

The growth of API usage in recent years to support modern applications and connect various systems and services has sharpened this focus, according to the authors of a report based on the research, Bill Lundell and Christian Perry. This is because API-reliant microservices ecosystems can be complex and difficult to fully secure.

The rise of AI more generally is stark, as shown by the surge of organisations identifying AI as a technology initiative that's become significantly more important to their future (44% versus 28% last year).
It now ranks closely alongside cyber security (59%) and cloud (38%).

"As the AI locomotive steams ahead, organisations are rapidly circling budgets around GenAI technologies to accelerate automation and eliminate inefficiencies across nearly all elements of their IT and business environments," said Lundell and Perry.

GenAI continues to rise as a target for significant spending, with 53% planning investments in 2025 (up from 46% in 2024).

"The dominance of GenAI over other technologies as an investment target in the information management space is another clear indication that organisations are prioritising the technology regardless of their existing AI strategies," said Lundell and Perry. 53% are planning GenAI investments in data management in 2025, up from 46% in 2024.

Read more about cyber security investment plans for 2025

Cybersecurity investments are set to increase in 2025, according to Enterprise Strategy Group's annual spending survey, and data loss prevention is leading the priority pack.
10 cyber security predictions for 2025: AI will still be a hot topic this year, but don't miss out on other trends, including initial access broker growth, the rise of vCISOs, tech rationalisation and more.
The basics drive 2025 identity security investments: New identity security tech might steal headlines, but it seems the basics get the most attention from businesses.