While 85% of companies’ ‘cyber risk owners’ are confident in their AI-related policies, just 34% of employees are aware such guidance even exists!
New research commissioned by e2e-assure, a company that specialises in threat detection and response, indicates a serious problem in cyber security – the use of AI by staff in ways that undermine wider efforts by a company to protect its systems.
Given recent high-profile cyber-attacks on well-known organisations, it’s no surprise that chief information security officers (CISOs) and IT security decision-makers place increased importance on cyber resilience. Indeed, the new report says 49% of the 503 such ‘cyber risk owners’ surveyed in August see resilience as their top priority – up from 36% last year, and overtaking speed at 43%.
Many companies have invested in improved processes, technology and training to make themselves more resilient. Indeed, 29% of the cyber risk owners surveyed are confident in their resilience – a significant improvement on last year’s 22%. But these owners are also gravely concerned by the potential of AI to undermine their efforts.
According to the report, 81% of risk owners were concerned by the risks posed to their systems by AI. While 85% said they were confident about the policies they have in place related to the use of AI, almost three-quarters of respondents, 73%, agreed that most cyber attacks are the result of a lack of due diligence from staff. Use of unauthorised software by staff was the most cited frustration of risk owners (30%).
These findings support research published by analysts at Gartner last year that 69% of staff had bypassed cyber security in the preceding 12 months, while 74% of staff would do so if it helped them to achieve a business goal.
What’s more, the new e2e-assure research reveals that very few staff – just 34% – are even aware that such policies exist.
As part of the same study, researchers surveyed a thousand general office workers in the UK. Of these, 62% had used the AI tools ChatGPT or Copilot in some capacity, while 41% used them at least once a week. It seems that a significant number are doing so without permission and in violation of in-house policies. Where training is available, just 24% of staff described themselves as ‘very engaged’ in the process.
Ironically, staff seemed to be very aware of the risks to cyber security. Some 43% of general office workers surveyed said they had personally been the victim of some kind of cyber attack while at work, some 23% of them experiencing such an attack in the previous 12 months. In addition, 32% were aware that they could risk disciplinary action for causing a breach.
The report concludes that it’s vital for cyber risk owners to look at resilience from the ground up. Its three key recommendations are to keep employers at the centre of the security strategy, keep security simple for end users and have the right provider in place.
Rob Demain, Chief Executive Officer at e2e-assure, says: ‘Our research this year has investigated the cyber resilience landscape in the UK and drilled down into how AI is set to impact UK businesses’ cyber defences. Gathering insights from 1,000 employees and over 500 CISOs and decision-makers, or cyber risk owners, the report shines a spotlight and provides insight on the performance of security operations this year and advancements being made when it comes to cyber crime.
‘What’s clear is that the fragmentation of technology, which encompasses this year’s stratospheric rise of AI, hasn’t helped when it comes to building cyber resilience. In fact, AI could be about to unravel everything that’s been so hard fought for, putting UK businesses at risk. The need for ongoing education and training in this field will be pivotal in the months and years ahead.’