your123 - stock.adobe.com
News brief: AI's cybersecurity risks weigh on business leaders
Check out the latest security news from the Informa TechTarget team.
The complicated analysis of risk around AI weighs on business leaders. They want their organizations to reap the benefits of AI. After all, chatbots enable organizations to raise their customer service game, and AI tools can streamline the hiring process, enhance demand forecasting and automate manual and cognitive tasks. New AI uses are constantly being explored as organizations consider the pros and cons of AI in the workplace.
Yet corporate leaders recognize that those same tools also expose them to risks they didn't face in a pre-AI world. On the one hand, decision-makers worry that they aren't doing enough to govern and secure their organization's AI use. In fact, more than 70% of companies in the S&P 500 now identify AI use as a material risk.
On the other hand, business leaders understand that cybercriminals' use of AI is a threat they need to meet. Savvy malicious hackers take advantage of AI to craft phishing lures that appear more legitimate, opening the door to data exfiltration, a ransomware incident or both.
This week's featured articles look at these AI-related worries and how to address them.
If it's any consolation, recent research by Intel 471 found that not many malicious hackers are using AI in their criminal activities. The security firm said this might be because AI is computationally complicated or, perhaps less encouragingly, because attackers simply have plenty of effective methods at their disposal so an assist from AI isn't yet necessary.
IT leaders express growing alarm over AI-powered cyberattacks
A new survey of more than 800 IT leaders across seven countries revealed widespread concern about AI-enhanced cyberthreats. Conducted by managed services provider 11:11 Systems among companies with at least 1,000 employees, the survey found that 74% of security leaders believe their organizations are currently experiencing AI-powered cyberthreats.
The report revealed that nearly half (45%) of organizations have already experienced AI-based phishing attacks, while 35% have faced autonomous and mutating malware attacks.
Nearly three-quarters of the surveyed IT leaders said using AI could make their own organizations more vulnerable to cyberattacks.
In disclosures, S&P 500 companies see AI use as growing risk
More than 70% of S&P 500 companies now identify AI as a material risk in their public disclosures, representing a dramatic jump from just 12% in 2023, according to The Conference Board, a business-focused think tank. This surge reflects the rapid transition of AI from an experimental technology to one that's widely deployed across core business systems, including product design, logistics and customer interfaces.
Companies are flagging concerns about cybersecurity vulnerabilities, reputational damage and operational risks as they embed AI throughout their organizations. To address these concerns, organizations are beginning to require enhanced governance frameworks, regular board education and responsible-use policies to manage both strategic opportunities and fiduciary risks.
Organizations boost AI risk mitigation budgets
As enterprise AI adoption grows rapidly, organizations are significantly increasing their risk mitigation and governance investments for the next financial year, according to a report from software company OneTrust. Companies are implementing comprehensive AI oversight strategies that include first, second and third lines of defense to protect their AI systems.
This surge in governance spending reflects growing awareness of AI's dual nature: It offers substantial benefits while also introducing new cybersecurity vulnerabilities and operational risks. Industry experts emphasized the need for holistic policies, technical controls and integrated processes to manage AI responsibly.
Read the full story by Lindsey Wilkinson on Cybersecurity Dive.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Phil Sweeney is an industry editor and writer focused on cybersecurity topics.
