16 April 2024
New research from Hornetsecurity highlights the AI cybersecurity gap affecting UK businesses: although 45% of companies have fallen victim to cyberattacks, 26% are still not using AI to enhance their cybersecurity defences.
The survey reveals that cyber threats are an escalating concern. The increased sophistication of these attacks, largely attributed to AI facilitating the process of threat creation, has been acknowledged by 85% of respondents.
“The results show how prevalent cyber crime is – and while 74% of businesses integrate AI into their defences with the goal of blocking threats, there’s a concerning quarter who have yet to use this technology. Businesses must recognise the potential of AI in tackling cyber threats and integrate it in their security strategies to stay ahead of increasingly sophisticated attacks,” said Hornetsecurity CEO, Daniel Hofmann.
The dual nature of AI in cybersecurity continues to trouble professionals across the full range of sectors: an equal 40% of respondents see AI as a mitigator and an exacerbator of cyber threats. When it comes to personal experience, the direct split was again repeated: 45% of business leaders found AI helped and a further 45% reported AI had worsened the threat landscape.
This comes as AI is increasingly used by threat actors to automate, sophisticate (and sometimes translate) malicious attacks globally - and the UK’s National Cyber Security Centre (NCSC) found that AI is lowering the barrier of entry to novice cyber criminals.
There's a clear concern about AI-enhanced phishing attacks, with 58% identifying it as their top worry. Deepfake technology also emerges as a significant concern, with 39% of businesses worried about its potential - and growing - use in cyberattacks.
Despite the challenges, AI plays a crucial role in bolstering cybersecurity efforts. More than half of businesses (52%) use AI to improve threat detection, and 19% implement it for cybersecurity training. However, more than a quarter (26%) of companies are yet to adopt AI in their cybersecurity strategies, highlighting a gap in using advanced technology to detect and combat threats.
There is a marked split in prioritising investment in AI for cybersecurity, with 42% placing it at the top of their agenda, contrasted by 29% who consider it a lower priority or not a priority at all. This divide underscores the varying levels of awareness and readiness among businesses to integrate AI into their cybersecurity frameworks.
Alarmingly, only 19% of businesses feel well prepared for a zero-day attack, with a mere 8% rating themselves as fully ready. There is a disparity in preparedness across industries. The IT and Communication sector displays the highest confidence level, with 38% rating their readiness as 9 or 10. This is followed by the education and banking and financial services sectors.
Meanwhile, the sectors of government and defence, sport and recreation, and several others report a startling lack of confidence in their preparedness, highlighting a critical area for improvement. Over 1 in 10 businesses are not at all ready for a zero-day attack, a total of 11%.
Looking ahead, 74% of respondents believe that the role of AI in cybersecurity will only grow in importance over the next five years. This response indicates a future where AI's integration into corporate cybersecurity strategies is not just an option but a necessity.
“For businesses, the message is clear: embracing AI in cybersecurity is essential. Companies should not just invest in new technologies but strengthen all technical and human defences against an ever-evolving - and frightening - threat landscape,” said Hofmann.