CFOs, who have been directed to embrace new tools such as generative AI, should be aware of the cybersecurity ramifications that may accompany the integration of these technologies. Amid the hype around generative AI, the benefits this new technology can bring to nearly every facet of an organization are being identified and strategized around by leadership across industries. These initiatives, driven in part by elimination of redundancies, increase in employee morale, and access to better data, have seldom mentioned how bad actors can leverage these new technologies to commit fraud and cybercrime — until now.
Seventy-five percent of security professionals said they have seen an uptick in attacks over the past year, with 85% attributing the rise to bad actors using generative AI, according to a new generative AI and cybersecurity report by Sapio Research and Deep Instinct. The report collected responses from just over 650 cybersecurity experts and leaders.
Generative AI Can Create Vulnerabilities
As businesses prepare employees to use new tech powered by generative AI, cybersecurity leaders warn this will leave organizations unknowingly exposed to cyber criminals. Nearly half (46%) of all respondents said they believe generative AI will leave businesses more vulnerable to cyber attacks than they were prior to AI implementation.
Due to this increased exposure, researchers say the cybersecurity industry is being forced to change its legacy approach. Rather than developing cybersecurity solutions as a reactive tool, leadership in the field said they must adjust their data security practices towards a proactive approach. This approach is a drastic step, but surveyors calculated a 95% increase in preference towards this change (72% this year versus 37% last year).
When asked about top concerns about AI’s role in cybersecurity threats, responses varied. Thirty-nine percent said they envision an increase in privacy concerns, while 37% said they believe an increase in undetectable phishing attacks is possible. A third of respondents also said they see an increased volume and velocity of attacks happening, and an increased presence of deep fakes used to orchestrate the attacks.
Bad Actors Are Winning
It’s clear why the frequency and costs associated with cyber arracks are increasing; the criminals are winning. According to findings, nearly half (47%) of respondents said their companies now have a policy to pay any ransoms associated with a cyber security threat. Not only is that number up 13% since last year, but 42% of respondents say they paid for stolen data to be returned to them over the past year. Less than a third of respondents (32%) said the same in 2022.
Data also showed that payments to hackers didn’t guarantee them from being unaffected by the attack. Nearly half (45%) of those who paid cyber criminals still had their data exposed.
As CFOs and their fellow executives seek to cut costs and achieve growth in an unpredictable economic environment, executive leadership concerns around ransomware have jumped. Nearly two-thirds (62%) of those surveyed said ransomware is the number one concern of their C-suite — up 44% from 2022.
Impacts on Mental Health
The morale and mental health of employees, something that leadership groups have tried many different ways to optimize, may also be negatively impacted by a cyber security attack. According to findings, over half (55%) of cybersecurity experts said their stress increased over the past year due to the increased pressures to combat bad actors.
The factors that bake into the newly acquired stress range from labor limits to reputation concerns. Over four in 10 (42%) of respondents said staffing and resource limitations are the cause of their increased stress levels. Over one-third said that the rising complexity of technology, fear of generative AI, and the increased volume of attacks have all caused their stress to increase in 2023 — 34%, 33%, and 32% respectively.