Businesses embrace AI, neglect cyber security measures

The Hiscox Cyber Readiness Report 2024 has revealed that businesses are rapidly integrating technologies such as generative AI faster than they are adopting necessary cyber security measures, leaving them vulnerable to sophisticated attacks.

The report highlights that 70% of firms globally, including 70% of firms in the UK, have integrated generative AI into their operations. Despite this widespread adoption, only 56% of global, and 57% of UK, business leaders recognise the potential impact of generative AI on their cyber security risk profile. This indicates a notable gap in awareness and preparedness.

A significant finding from the report is that 34% of global firms, and 37% of UK firms, admitted their security measures are compromised due to a lack of expertise in managing risks associated with emerging technologies. Over half of the firms surveyed also reported a critical shortage of cyber security talent.

As businesses incorporate new technologies such as AI, IoT, and cloud computing into their operations, their exposure to cyber threats increases. Approximately 32% of firms, both globally and within the UK, are lagging in adopting necessary cyber security technologies to protect against these new risks.

The report indicates a significant rise in cyber incidents, with two-thirds of organisations (67% globally and 70% in the UK) having experienced more cyber attacks in the past year compared to the preceding year. This increase in attacks poses a major risk to business reputation and brand trust.

Following cyber attacks, businesses reported facing challenges such as a greater difficulty in attracting new customers, with 47% globally and 46% in the UK experiencing this issue. Furthermore, 43% (global) and 40% (UK) of firms reported a loss of customers and 38% (global) and 37% (UK) experienced negative publicity.

Ransomware payments have also been influenced by reputational concerns. The top reasons organisations paid ransoms included protecting customer data, safeguarding their reputation, and recovering data in the absence of backups. Despite these efforts, only 18% of businesses fully recovered their data post-payment.

Eddie Lamb, Chief Information and Security Officer at Hiscox, stated, "In today's business environment, protecting the reputation of any business is just as critical as safeguarding the physical assets. Businesses will spend not only years but also thousands if not millions of pounds building their reputation, only to see it destroyed in minutes following a cyber attack. It is vital that businesses continue to foster an environment where cyber education is a continuous process, ensuring every member of the organisation understands the critical role they play in maintaining cyber security."

The report also notes that 26% of global businesses, and 28% in the UK, now view cyber risk management as essential to supporting innovation. This recognition underscores the necessity for businesses to integrate cyber security into their operations as they continue to adopt new technologies.

Eddie Lamb further commented, "Businesses need to see technological innovation and cyber security as complementary, rather than conflicting, forces. Business leaders will need to continue to invest in attracting the right expertise to manage emerging technology risks if they are to not just survive but thrive in a world of expanding technologies with their reputations intact."