How NHS IT Leaders Blend AI and Empathy to Strengthen Cybersecurity

UC Today caught up with Nasser Arif, Cyber Security Manager at London North West Healthcare NHS Trust, at this year's UCX to discuss how the organisation is making cybersecurity more 'human centric'.


Published: October 6, 2025

Christopher Carey

The views expressed in this article represent Nasser’s personal opinion and not those of the NHS at large. 

When artificial intelligence comes up in cybersecurity circles, the conversation usually starts with risk.

From deep-fake scams to AI-powered phishing and automated ransomware, the narrative is often one of escalating threats.

But for Nasser Arif, Cyber Security Manager at London North West Healthcare NHS Trust, that perspective is only half the story.

“There’s two sides to this – from the threat perspective, we are probably going to see new attack methodologies, or new attack vectors utilizing AI,” Arif told UC Today.

“But I think it’s important not to keep the focus on the negative, and see the benefits AI can bring if we take the time to understand how it works and build it securely from the ground up.”

From Fear to Empowerment

That mindset – optimism tempered by realism – marks a quiet shift in how cybersecurity is being discussed across government and healthcare.

The conversation is moving away from fear-driven messaging and finger-pointing toward something more collaborative and human.

Within the NHS, this approach is being championed as a core part of digital resilience. Instead of treating staff as potential weak points, cybersecurity leaders are working to position them as the system’s first line of defence.

“In the cyber industry, we often see our staff members blame each other when mistakes happen – but I want to see a shift away from that approach, more to how can we use humans as our main line of defence?”

That empowerment starts with design. The more developers and cybersecurity teams understand how people actually work day to day, the more they can embed safety into the tools staff already use – from patient-record systems to internal communications platforms.

“Once you know how someone works, you can make sure that they’re working in the safest way possible,” he added.

“Security isn’t added on afterwards, it’s part of the design.”

Building Systems For Humans

This concept – “human-centric cybersecurity” – is gaining traction across both public and private sectors. It borrows from behavioural science, design thinking and psychology to rethink the role of the user.

Rather than expecting every employee to become a cybersecurity expert, it’s about creating systems that fit naturally into human behaviour.

For the NHS, that’s particularly critical. Healthcare staff often operate under pressure, juggling competing demands with limited time. If a security process slows them down or feels unintuitive, they’ll naturally find workarounds. Designing with that reality in mind means creating systems that keep patients safe and staff supported.

“The more we understand about people’s behaviours — not just cyber behaviours, but everything — the better we can design systems that work for them,” Arif added. “We can make security seamless, not obstructive.”

It’s an ethos that goes beyond training sessions or phishing simulations to reflect a culture and create an environment where staff feel supported and informed, rather than policed.

Collaboration As a Cyber Strength

Part of what makes the NHS model distinctive, Arif explains, is its collaborative DNA.

Cyber teams across trusts and regions work closely together, sharing intelligence and lessons learned.

“We don’t work in silos,” he adds. “We share intel, we support each other, we talk – not just about cybersecurity, but everything. You always have someone to bounce ideas off. That’s what cybersecurity should be about. It’s a team sport.”

That culture of openness helps the organisation respond quickly to new threats and reinforces the message that security isn’t the responsibility of one department, it’s everyone’s business.

When it comes to AI, that same philosophy applies.

It can automate detection, streamline response, and even personalise cyber training – but only if it’s introduced responsibly.

“Wherever we use AI, we need to make sure the skill sets are there,” Arif explains. “It’s not just about deploying new technology; it’s about empowering people to use it properly.”

He believes that by embedding AI within a secure framework (grounded in human understanding) organisations can get ahead of attackers instead of reacting to them. Rather than fearing automation, he sees an opportunity to make security smarter and more adaptive.

“I’m optimistic,” he says. “AI can do amazing things for every sector – healthcare, finance, cybersecurity. We just need to make sure we’re doing it properly.”

A Future Built on Awareness and Trust

Looking ahead, Arif sees cybersecurity awareness continuing to grow across industries. From phishing to scam calls, the threats may seem mundane, but they often serve as gateways to larger attacks.

As technology evolves, he argues, the human element remains the constant – both the source of vulnerability and the key to resilience. The real opportunity lies in bridging the two: combining AI’s analytical power with human intuition and empathy.

“Cybersecurity is everyone’s responsibility,” he says. “If we get the human side right, the technology will follow.”

His message, ultimately, is one of balance. AI, like any tool, can be dangerous in the wrong hands – but it can also be transformative when guided by people who understand its potential and its limits.

As the NHS continues its digital transformation, this people-first approach could become a model for others to follow: security not as a barrier, but as an enabler; technology not as a threat, but as a partner.

“We can’t stop progress,” he says. “But we can shape it – and we can make sure it works for us, not against us.”
