AI adoption set to unravel years of cyber resilience

Report reveals 85% of cyber risk owners are confident in the success of AI policies but only 34% of employees are aware any guidance exists.

  • Tuesday, 24th September 2024 Posted 11 months ago in by Phil Alsop

New research by Threat Detection & Response provider, e2e-assure, reveals that despite the vast majority (85%) of cyber risk owners feeling confident in the success of their AI policies, only 34% of employees are aware any guidance exists.

Comparing this year’s findings to e2e-assure’s research from last year, cyber risk owners have made positive changes to improve their resilience with 29% of organisations confident that they are resilient, up 7% from last year. While those that have made investments in strong processes, technology and training have increased resilience, the adoption of AI could be putting UK businesses at risk. Most cyber risk owners (81%) admitted they are concerned about AI, and lack of employee diligence (73%) in mitigating cyber attacks.

The research shows that 62% of workers have used ChatGPT or Copilot in some capacity, with a significant 41% using one of these tools at least once per week. This rapidly evolving technology is often being adopted by employees without permission.

Although 85% of cyber risk owners said they are feeling confident about the success of AI policies put in place, the research reveals a significant discrepancy between the actual and perceived effectiveness of AI policies between employees and cyber risk owners. In fact, only one in three (34%) employees are even aware of AI policies at work.

This mismatch between cyber risk owners and employee knowledge around AI policies is extremely dangerous. Considering 43% of employees said they have personally been a victim of a cyber attack at work, and around half of those (23%) have experienced an attack in the last 12 months, using unapproved AI solutions that contradict company policies is creating a high level of concern.

According to Gartner, 69% of employees have bypassed cyber security guidance in the last 12 months and 74% said they would be willing to do this if it helped them achieve a business goal. e2e-assure's findings support this theory, with cyber risk owners seeing employees as a high-risk factor. 73% agreed most cyber attacks come through a lack of employee diligence and cited the use of unauthorised software as their top frustration (30%).

Rob Demain, Chief Executive Officer at e2e-assure, said:

“Our research this year has investigated the cyber resilience landscape in the UK and drilled down into how AI is set to impact UK businesses’ cyber defences. Gathering insights from 1000 employees and over 500 CISOs and decision-makers, or cyber risk owners, the report shines a spotlight and provides insight on the performance of security operations this year and advancements being made when it comes to cyber crime.”

“What’s clear is that the fragmentation of technology, which encompasses this year’s stratospheric rise of AI, hasn’t helped when it comes to building cyber resilience. In fact, AI could be about to unravel everything that’s been so hard fought for, putting UK businesses at risk. The need for ongoing education and training in this field will be pivotal in the months and years ahead.”

When employees were asked about the consequences of falling for a cyber attack, over half (59%) said they either receive training and risk disciplinary if they cause another breach (32%) or they are required to attend training (27%). While training is happening, less than a quarter (24%) of employees would describe themselves as ‘very engaged’ in the process.

Although, as a whole, organisations are feeling more confident in their resilience than last year; the findings show it’s vital for cyber risk owners to start looking at their resilience picture from the ground up, with three key recommendations emerging:

Keep employees at the centre of the security strategy

Keep security for end users simple

Have the right provider in place

Arrow Electronics triumphs at ChannelWatch Awards 2025

Posted 42 minutes ago by Aaron Sandhu
Arrow Electronics secures four prestigious recognitions, cementing its leadership in the IT distribution sector.
Espria and Sophos unite IT and finance leaders for a cyber simulation event on 7th October at Churchill War Rooms.
Westcon-Comstor's latest sustainability report shows significant progress in renewable energy adoption and emission cuts. The company eyes a...
Zyxel Networks introduces a PAYG billing model via its Circle platform, catering to the varying needs of MSPs and SMBs leveraging the Nebula cloud.
Nebula Global Services launches the Nebulab Verified™ Engineer Ecosystem, setting new benchmarks in engineering excellence and trust.
Abzorb launches a Mobile Masterclass to empower UK channel partners to integrate mobile as a core business offering.

Tool sprawl: The quiet culprit behind MSP burnout

Posted 1 month ago by Aaron Sandhu
A Heimdal study reveals how the proliferation of security tools overwhelms and exhausts North American MSPs, leading to significant operational...
StorONE's platform allows Storage Guardian to consolidate its infrastructure and boost efficiency, dramatically reducing its data centre footprint.