AI exposing perilous gap in businesses’ cyber controls: Report

More than a quarter of businesses currently using or planning to use artificial intelligence (AI) technologies have inadequate security controls in place, a new report by chartered accounting firm HLB Mann Judd has found, presenting an imminent cyber threat to these organisations.

Without adequate governance controls, and with an acknowledged persistent and growing cyber threatscape, HLB warns that a significant number of Australian and global organisations are sitting ducks for cyber-attackers.

HLB’s fifth edition of its 2024 Cybersecurity Report found critical cybersecurity governance gaps within more than one-quarter (28%) of the 600 global firms assessed.

Despite the rapid advancement and adoption of AI technologies, fewer than one in three (29%) surveyed businesses declared that they had implemented additional security and governance controls related to AI.

Glaringly, Kapil Kukreja, risk assurance partner at HLB Mann Judd Melbourne, noted that a considerable proportion of organisations are still overlooking basic security controls, “leaving themselves very vulnerable to breaches which can compromise their business operations”.

Moreover, only a third of businesses expressed confidence in their post-breach resilience, with many uncertain of their capacity to recover promptly after a cyber-attack.

Yet, despite the lacklustre preparedness, surveyed IT professionals appear to acknowledge the growing risk of cyber threats, with 64% rating cybersecurity as a major strategic priority; moreover, 92% have observed ongoing cyberattacks on businesses.

As well, more than a third (39%) of companies reported a rise in attacks, while 86% of surveyed professionals expressed heightened concerns over cybersecurity threats.

The survey also revealed that 29 per cent of respondents have reported more severe consequences from cyber-attacks in the last 12 months.

This, HLB says, underscores the urgency of implementing a comprehensive AI governance framework.

“The consequences of neglecting AI governance can be severe. One key concern is the potential for AI to be weaponised – a risk that is heightened by its scalability and autonomous operations, which poses a significant threat to data security,” Kukreja said.

“This not only exposes businesses to potential vulnerabilities but also highlights the urgent need for comprehensive AI governance frameworks. Companies must prioritise putting in place robust security measures alongside their AI initiatives, to safeguard against emerging cybersecurity threats,” he added.

Kukreja urged companies to establish controls and oversight mechanisms for the ethical and secure use of AI, as well as investing in regular audits and risk assessments to identify potential vulnerabilities.

“Organisations must also focus on integrating AI with existing cybersecurity measures to detect and prevent AI-driven attacks more effectively,” Kukreja said.

The costs of a cyber breach can be severe, and can pose an existential risk to businesses. A survey by IBM last revealed that the cost of a cyber breach for Australian businesses, on average, is more than $4 million, with costs growing by more than 32% over the last five years. Detection and escalation alone account for $1.68 million of this cost.

Resilience also needs to be addressed, calling on businesses to develop robust recovery strategies to manage a potential cyberattack. 80 per cent of companies have incident response plans in place.

“The fact that only a third of firms feel very confident in their ability to recover quickly from a cyberattack is concerning.

“This underscores the importance of not only implementing robust preventative measures but also developing comprehensive incident response and recovery plans. This will allow organisations to respond swiftly and effectively in case of a breach.”

The fifth edition of HLB’s Cybersecurity Report presents data from a snapshot survey of the current cyber threat landscape, recording the actions taken by IT professionals since 2020 to improve cyber resilience.