A recent study conducted by e2e-assure, a provider of Threat Detection & Response services, has highlighted a significant discrepancy between the perceived effectiveness of AI policies and their actual implementation within UK organisations. Despite the majority of cyber risk owners expressing confidence in their AI policies, only a small proportion of employees are aware of these guidelines.
The research found that while there has been an increase in the cyber resilience of UK organisations over the past year, the adoption of AI technology poses a potential risk. Many cyber risk owners expressed concerns about the misuse of AI and the lack of employee diligence in mitigating cyber threats.
The study revealed that a substantial number of employees are using AI tools like ChatGPT and Copilot without appropriate authorisation. This practice, combined with a lack of awareness of AI policies, creates a dangerous situation for UK organisations.
Furthermore, the research suggests that employees are frequently willing to bypass cyber security guidelines to achieve business objectives, highlighting the importance of effective employee training and awareness programmes.
Rob Demain, Chief Executive Officer at e2e-assure, said: “Our research this year has investigated the cyber resilience landscape in the UK and drilled down into how AI is set to impact UK businesses’ cyber defences. Gathering insights from 1000 employees and over 500 CISOs and decision-makers, or cyber risk owners, the report shines a spotlight and provides insight on the performance of security operations this year and advancements being made when it comes to cyber crime.”
Demain continues: “What’s clear is that the fragmentation of technology, which encompasses this year’s stratospheric rise of AI, hasn’t helped when it comes to building cyber resilience. In fact, AI could be about to unravel everything that’s been so hard fought for, putting UK businesses at risk. The need for ongoing education and training in this field will be pivotal in the months and years ahead.”
When employees were questioned about the potential consequences of falling victim to a cyber attack, over half (59%) indicated that they would either receive training and face disciplinary action if they caused another breach (32%) or be required to attend mandatory training (27%). Despite these measures, fewer than a quarter (24%) of employees described themselves as ‘very engaged’ in the training process.
Although organisations, as a whole, are feeling more confident in their resilience compared to last year, the findings suggest that cyber risk owners should adopt a bottom-up approach to their resilience strategy.
e2e-assure recommend prioritising employee engagement, simplifying security measures and choosing the right partnerships as cornerstones of resilience for organisations.
The news coincides with International Cyber Expo, where e2e-assure are Founding Partners.