AI adoption set to unravel years of cyber resilience

Report reveals 85% of cyber risk owners are confident in the success of AI policies but only 34% of employees are aware any guidance exists.

  • Tuesday, 24th September 2024 Posted 2 months ago in by Phil Alsop

New research by Threat Detection & Response provider, e2e-assure, reveals that despite the vast majority (85%) of cyber risk owners feeling confident in the success of their AI policies, only 34% of employees are aware any guidance exists.

Comparing this year’s findings to e2e-assure’s research from last year, cyber risk owners have made positive changes to improve their resilience with 29% of organisations confident that they are resilient, up 7% from last year. While those that have made investments in strong processes, technology and training have increased resilience, the adoption of AI could be putting UK businesses at risk. Most cyber risk owners (81%) admitted they are concerned about AI, and lack of employee diligence (73%) in mitigating cyber attacks.

The research shows that 62% of workers have used ChatGPT or Copilot in some capacity, with a significant 41% using one of these tools at least once per week. This rapidly evolving technology is often being adopted by employees without permission.

Although 85% of cyber risk owners said they are feeling confident about the success of AI policies put in place, the research reveals a significant discrepancy between the actual and perceived effectiveness of AI policies between employees and cyber risk owners. In fact, only one in three (34%) employees are even aware of AI policies at work.

This mismatch between cyber risk owners and employee knowledge around AI policies is extremely dangerous. Considering 43% of employees said they have personally been a victim of a cyber attack at work, and around half of those (23%) have experienced an attack in the last 12 months, using unapproved AI solutions that contradict company policies is creating a high level of concern.

According to Gartner, 69% of employees have bypassed cyber security guidance in the last 12 months and 74% said they would be willing to do this if it helped them achieve a business goal. e2e-assure's findings support this theory, with cyber risk owners seeing employees as a high-risk factor. 73% agreed most cyber attacks come through a lack of employee diligence and cited the use of unauthorised software as their top frustration (30%).

Rob Demain, Chief Executive Officer at e2e-assure, said:

“Our research this year has investigated the cyber resilience landscape in the UK and drilled down into how AI is set to impact UK businesses’ cyber defences. Gathering insights from 1000 employees and over 500 CISOs and decision-makers, or cyber risk owners, the report shines a spotlight and provides insight on the performance of security operations this year and advancements being made when it comes to cyber crime.”

“What’s clear is that the fragmentation of technology, which encompasses this year’s stratospheric rise of AI, hasn’t helped when it comes to building cyber resilience. In fact, AI could be about to unravel everything that’s been so hard fought for, putting UK businesses at risk. The need for ongoing education and training in this field will be pivotal in the months and years ahead.”

When employees were asked about the consequences of falling for a cyber attack, over half (59%) said they either receive training and risk disciplinary if they cause another breach (32%) or they are required to attend training (27%). While training is happening, less than a quarter (24%) of employees would describe themselves as ‘very engaged’ in the process.

Although, as a whole, organisations are feeling more confident in their resilience than last year; the findings show it’s vital for cyber risk owners to start looking at their resilience picture from the ground up, with three key recommendations emerging:

Keep employees at the centre of the security strategy

Keep security for end users simple

Have the right provider in place

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 5 days ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 6 days ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 6 days ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.