AI poses new cyber threats with many businesses unprepared

As the world gathers in the UK for the first Global Artificial Intelligence (AI) Safety Summit at Bletchley Park there are new concerns over the level of security firms currently possess to fight the threat of AI backed cyber-attacks.

New research by OnePoll and cybersecurity consultancy, Gemserv, reveals that companies must upgrade their systems now as AI threatens to make cyber-attacks more sophisticated.

It added knowledge and information gaps are emerging as critical challenges, particularly for Chief Information Security Officers (CISOs), as the cyber threat landscape is expected to become increasingly volatile, further exacerbated by this year’s geopolitical tensions.

The report titled “Through the Cyber Lens: The Evolving Future of Cyber Security”, surveyed 200 CISOs across the United Kingdom and Europe, assessing the readiness of CISOs to confront their evolving challenges, particularly those stemming from the rise of AI innovation, while also exploring their expectations for the future.

The survey revealed that 38% of respondents anticipate a significant increase in cyberattacks utilising deep fake AI technologies over the next five years, with an additional 45% expecting a moderate rise. In total, 83% of respondents  said they believe that generative AI will play a more prominent role in cyberattacks. However, just 16% of respondents consider their organisations to have an excellent understanding of these advanced AI tools.

Mandeep Thandi, director of Cyber and Privacy at Gemserv, commented: “As the AI revolution transforms the landscape of cybersecurity, CISOs stand at the forefront of this change. AI is reshaping the contours of cyber defence by augmenting human capabilities, predicting threats, and fortifying organisations against the volatile cyber threat landscape.”

The ever-evolving cyber threat landscape presents CISOs with the formidable challenge of predicting and preparing for attacks the report explained. Information and budgetary resources are essential for adequate preparation. However, the survey’s resulted revealed more cause for concern:

  • 69% of organisations lack access to either SIEM tooling or cyber threat intelligence, with 8% having neither.
  • 78% of CISOs believe the cyber threat landscape will become more complex and challenging over the next 12 months.

A significant 83% of CISOs expect to see more cyber-attacks using generative AI tools.

“In this environment of uncertainty, CISOs face challenges in securing adequate budgets, making informed decisions, and recruiting and retaining the right talent,” It added. “These hurdles underscore the urgency of investing in cybersecurity resources, including robust cyber threat intelligence, as a proactive measure to combat evolving threats.”

When it comes to advising key stakeholders within their organisations, the survey revealed that 63% of CISOs feel that their senior leadership lacks a comprehensive understanding of the imminent cybersecurity and privacy threats. Moreover, 69% of European CISOs and 61% of UK CISOs report a deficiency in cyber threat intelligence (CTI), hindering their ability to prioritise budgets and inform their boards about impending threats.

Thandi added: “CTI is vital for organisations as it provides proactive insights into potential cyber threats, enabling timely identification, risk assessment, and tailored defence strategies. It empowers organisations to stay ahead of adversaries, enhance incident response, and continuously improve their cybersecurity posture in the face of evolving cyber risk.”

Amidst these challenges, new regulations are on the horizon. The European Union’s (EU) AI Act and the UK’s Data Protection and Digital Information (DPDI) Bill are set to reshape the regulatory landscape. These regulations aim to clarify, manage risks, and strengthen rules around data quality, transparency, human oversight, and accountability.

A total of 82% of CISOs believe these new regulations will support their organisations’ growth and expansion of services. The EU’s AI Act, in particular, distinguishes between high-risk and low-risk AI tools, ensuring that organisations maintain high standards of transparency and security.

“In conclusion, the survey offers a sobering glimpse into the world of CISOs tasked with safeguarding digital landscapes amidst a barrage of challenges,” Thandi added. “While CISOs demonstrate unwavering resilience, the need for additional resources and support is palpable. Budget constraints, talent shortages, communication gaps, and evolving cyber threats underscore the urgency of fortifying cybersecurity efforts.”