New research by Threat Detection & Response provider, e2e-assure, reveals that despite the vast majority (85%) of cyber risk owners feeling confident in the success of their AI policies, only 34% of employees are aware any guidance exists.
Comparing this year’s findings to e2e-assure’s research from last year, cyber risk owners have made positive changes to improve their resilience with 29% of organisations confident that they are resilient, up 7% from last year. While those that have made investments in strong processes, technology and training have increased resilience, the adoption of AI could be putting UK businesses at risk. Most cyber risk owners (81%) admitted they are concerned about AI, and lack of employee diligence (73%) in mitigating cyber attacks.
The research shows that 62% of workers have used ChatGPT or Copilot in some capacity, with a significant 41% using one of these tools at least once per week. This rapidly evolving technology is often being adopted by employees without permission.
Although 85% of cyber risk owners said they are feeling confident about the success of AI policies put in place, the research reveals a significant discrepancy between the actual and perceived effectiveness of AI policies between employees and cyber risk owners. In fact, only one in three (34%) employees are even aware of AI policies at work.
This mismatch between cyber risk owners and employee knowledge around AI policies is extremely dangerous. Considering 43% of employees said they have personally been a victim of a cyber attack at work, and around half of those (23%) have experienced an attack in the last 12 months, using unapproved AI solutions that contradict company policies is creating a high level of concern.
According to Gartner, 69% of employees have bypassed cyber security guidance in the last 12 months and 74% said they would be willing to do this if it helped them achieve a business goal. e2e-assure's findings support this theory, with cyber risk owners seeing employees as a high-risk factor. 73% agreed most cyber attacks come through a lack of employee diligence and cited the use of unauthorised software as their top frustration (30%).
Rob Demain, Chief Executive Officer at e2e-assure, said:
“Our research this year has investigated the cyber resilience landscape in the UK and drilled down into how AI is set to impact UK businesses’ cyber defences. Gathering insights from 1000 employees and over 500 CISOs and decision-makers, or cyber risk owners, the report shines a spotlight and provides insight on the performance of security operations this year and advancements being made when it comes to cyber crime.”
“What’s clear is that the fragmentation of technology, which encompasses this year’s stratospheric rise of AI, hasn’t helped when it comes to building cyber resilience. In fact, AI could be about to unravel everything that’s been so hard fought for, putting UK businesses at risk. The need for ongoing education and training in this field will be pivotal in the months and years ahead.”
When employees were asked about the consequences of falling for a cyber attack, over half (59%) said they either receive training and risk disciplinary if they cause another breach (32%) or they are required to attend training (27%). While training is happening, less than a quarter (24%) of employees would describe themselves as ‘very engaged’ in the process.
Although, as a whole, organisations are feeling more confident in their resilience than last year; the findings show it’s vital for cyber risk owners to start looking at their resilience picture from the ground up, with three key recommendations emerging:
Keep employees at the centre of the security strategy
Keep security for end users simple
Have the right provider in place
