The Cost of Convenience: The Security Risks of Embracing AI-Driven Technologies

AddictiveTips Staff | May 15, 2023

With each passing day, it seems like there's a new AI tool to explore.

Because of this, it's impossible to ignore the advantages AI has to offer. Organizations around the globe and across various sectors are now starting to implement the use of AI for a multitude of purposes — from automating business processes to improving customer experience, and beyond.

But here's the catch — with the rise of AI-based systems comes an increased risk of cybersecurity threats and vulnerabilities that cannot be ignored. To better understand how companies are addressing these concerns, we conducted a survey on how AI is changing the cybersecurity landscape and how organizations are handling these new risks. We then took our findings to cybersecurity expert Greg Young, VP of Cybersecurity from Trend Micro, who dives further into our survey results.

Current Status of AI Adoption

Based on the survey data, most respondents (64.53%) plan to implement AI-based systems in their workflow, while 21.18% already use AI in their tech stack or employee workflow. This shows that most companies recognize the potential benefits of AI and are actively exploring ways to integrate it into their operations.

UK-based companies are the quickest to adapt AI into their workflow, with around 35% reporting doing so, followed by Australia (29%), Canada (23.21%), and the US (17.74%).

In addition, when asked about the time split between using chat AI and non-chat AI tools, participants from a few sectors like marketing, publishing, and retail revealed that they spend almost all their time using chat-based AI tools like ChatGPT. This indicates that industries like these recognize the potential of chat-based AI tools to improve the efficiency of day-to-day operations.

An Industry Perspective to Improve AI-based Systems

AI is increasingly used across industries to optimize processes and improve efficiency. AI has been applied in various fields, including marketing, finance, retail, as well as government organizations for video surveillance, speech recognition, customer interactions, process management, data analysis, workflow management, data mining, and content creation.

While each company has its own approach to AI and cybersecurity, let’s take a bird’s eye view of the AI security trends across sectors.

• 73% of companies from the agriculture, forestry, fishing, or hunting sector have chosen to educate their employees about the proper usage of artificial intelligence and cybersecurity risks.
• 49% of educational organizations have experienced a cybersecurity breach due to AI-based systems.
• 72% of the respondents from marketing/sales firms believe that privacy and compliance threats are the most concerning risk for their AI-based systems.
• One-third of government and public administration companies have already incorporated AI in their workflow and have invested more than $5000 towards cybersecurity measures.
• 72% of respondents from the retail sector are planning to include AI-based systems in their workflows.
• Almost 60% of finance and insurance companies have experienced a security breach related to AI-based systems, but 87% still believe its advantages are worth the risks.
• Around 33% of companies from information (services & data) have already included AI in their workflows, and over 53% have invested over $5000 towards cybersecurity measures.

AI Impact on Cybersecurity: Would the Use of AI Put Businesses at Risk?

As AI continues to revolutionize how businesses operate, it's hard to ignore the potential risks that come with it.

A significant proportion of respondents expressed concern about the impact of AI in cybersecurity, with around 30% reporting being somewhat worried and 17% being very worried. It is clear that some companies are approaching the integration of AI with caution and have legitimate reservations.

When asked about this cautious stance on AI even as it’s proliferating at a fast pace, Greg Young from Trend Micro, remarked, “AI is going to be everywhere; it already is. I don't think we're ready — policy or technology-wise — to deal with this. Our policy is far behind, and so are the security tools to help with this. … I think people are right to be concerned, but it may not necessarily warrant a state of high alarm.”

His opinion mirrors the survey results, with almost 67% of the surveyed decision-makers having heard about the recent data leaks due to the usage of AI-based systems and 50% of them already experiencing some form of a security breach due to them.

This vulnerability in cybersecurity is higher in some sectors like agriculture, forestry, fishing, or hunting (88%), information (services & data) (70%), retail (62%) and finance (59%).

When asked about agriculture being a highly-vulnerable sector in terms of AI security threats, Greg explained, “The agricultural industry is increasingly relying on complex algorithms for tasks such as controlling equipment, scheduling based on weather, shipping products, and truck deliveries. So, when all of these are getting increasingly automated, any errors, inefficiencies or attacks would compound the effect of a normal cyberattack.”

And as other industries also begin to rely heavily on AI for their everyday operations, it is inevitable that the inherent AI cybersecurity risks will also increase. The biggest question here then becomes: Is the risk worth the reward?

Is the Risk of AI-Based Systems Worth the Reward?

While AI has many potential benefits, there are also risks associated with its use. The survey results found that decision-makers are split on artificial intelligence vulnerabilities and benefits.

While half of the respondents reported experiencing security breaches due to using AI systems, a majority of them (55.37%) still believe that the benefits of AI outweigh the risks. There’s also a notable level of apprehension, with one-third of the respondents expressing their belief that the potential AI cybersecurity threats may exceed the benefits.

Despite experiencing the most security breaches, many industries still believe that AI is worth the investment. Around 58% of the participants from agriculture, forestry, fishing, or hunting and 87% from finance and insurance still believe that the gains associated with using AI systems outweigh its security concerns.

Interestingly, the survey also revealed that 67% of participants from the government and public administration, as well as 57% from the education sector, believe that AI security vulnerabilities do not justify the gains.

Greg remarks on such contrasting views from different sectors: “Some sectors have addressed the AI security concerns better than others. Government organizations haven’t really wrestled with these issues, while some, like the manufacturing sector, may be better prepared due to their experience with IoT and operational technology.”

When asked about the threat of AI and national security, Greg explains, “The creation of new sensitive government information using AI poses a challenge, as using machine learning to predict outcomes can obscure the true source of information. So non-sensitive information may inadvertently lead to the creation of top-secret information.”

Given the varying views among industries on the use of artificial intelligence and its impact on cybersecurity despite its risks, it is crucial to identify areas of threats to develop effective policies and cybersecurity practices.

Who Are Most Vulnerable to AI Security Threats?

According to the survey, companies with over 5000 employees are the most vulnerable to AI-related security breaches, with 73% of them reporting experiencing such incidents.

It indicates that as organizations grow and become increasingly reliant on AI-based systems, the risk of AI-related security breaches also increases.

So, how exactly will AI affect cybersecurity?

Greg answers, “Most common example would be leaking information through generative AI, like ChatGPT, where you feed information and get an output you don't own. So even if an organization isn’t using it as a corporate tool, their secrets could still be leaked through individual usage.”

He further adds, “While leaking through individual use is quite common, the risk can also arise from the use of third-party contractors or service providers who may hold their data. Contracts with these third-party companies are often not optimized for this kind of technology, which can result in various service data holdings collecting their data.”

It is, therefore, not surprising that data breaches are one of the top concerns for 59.54% of respondents, second only to malware attacks (64%). 56.67% of the respondents chose phishing attacks as their top concern, while 47.01% chose social engineering attacks.

It’s interesting to note that small-size companies (1-50 employees) are most concerned about data breaches, while mid-size companies (51-500 employees) and enterprise organizations with over 5000 employees are more concerned about malware attacks. Additionally, large companies (501-5000 employees) consider phishing attacks the number one cybersecurity risk.

Among those who are most concerned about being attacked by malware, finance & insurance (74%), agriculture, forestry, fishing, or hunting top the list (66%), and education (62%). Incidentally, agriculture, forestry, fishing, or hunting (63%), education (62%), and finance & insurance companies were the most concerned by data breaches too (54%).

How Much Are Companies Investing in Cybersecurity to Combat AI-Based Attacks?

Businesses are proactively addressing the risks associated with AI by investing in strong cybersecurity solutions. The survey revealed that 39% of businesses allocated funds ranging from $1000 to $5000 towards this important initiative, while 27% invested more than $5000.

Incidentally, almost three-fourths of the companies already using AI for their operations have invested at least $1000 to protect themselves from any security vulnerability.

However, not all industries are equally concerned about AI and cybersecurity risks. 37.5% of companies from the retail sector have invested only a minimal amount of $500 to $1000 in cybersecurity measures, and almost 28% have made less than $500 investment or no investment. Similarly, almost 30% of healthcare and social assistance companies have invested less than $1000 or have made no investment.

In contrast, 40% of those from the advertising sector are ‘somewhat worried’ about AI-based systems, while another 40% are ‘extremely worried,’ and, incidentally, 60% of them have invested over $5000 in cybersecurity measures.

Similarly, decision-makers from finance and insurance and information (services and data) also expressed a significant amount of worry about the use of AI and security issues. Notably, around 50% of them from both sectors have invested more than $5000 towards cybersecurity initiatives.

Out of the companies surveyed, around 7% decided not to invest in cybersecurity measures. Interestingly, these companies have not experienced any security breaches.

How Are Companies Countering the Security Threats?

With a high percentage of companies experiencing some form of an AI data breach, it's no wonder that they are taking cybersecurity measures seriously.

63% of businesses are installing security software as a proactive approach to counter the security threats posed by AI-based systems, while 54% have implemented data encryption, and 50% are monitoring systems for malicious activities.

One platform helping companies stay safe in the face of an AI-dominated world is XDR (extended detection and response), Trend Micro’s threat detection and response system. Greg explains how XDR works, “Rather than bombarding people with a multitude of low-quality alerts, XDR can analyze vast amounts of data to accurately identify potential attacks and provide high-fidelity alerts. This way, people can directly take an action or ask the machine to block the attack.”

Interestingly, almost 59% of companies concerned about phishing attacks have chosen just to install on-premise tools to combat any vulnerability in cybersecurity.

Among companies that don’t feel confident at all in their ability to comply with data privacy regulations, almost 69% of them chose to educate their employees about the importance of cybersecurity. And, almost 58% of companies that have chosen the cost-effective measure of educating their employees as their #1 strategy have invested less than $500 towards cybersecurity measures.

As companies continue to choose their preferred method of cybersecurity, the question remains:what does the future hold for AI, machine learning and cybersecurity?

Greg stresses the importance of creating strong policy and cybersecurity measures through the partnership of government and private sector companies.

“The government is moving at a different pace than the tech industry, and so it’s up to the private sector to lead the way,” says Greg. “Public-private partnerships are crucial for solving security problems, but there needs to be good regulation, understanding, and cooperation to ensure that the private sector is not solely in control and is acting in the best interest of citizens, not just consumers.”

Although there may be some challenges and bad experiences along the way, the industry can solve these issues through policy and security measures.

Methodology

Survey data was collected through an online Pollfish survey of 1015 participants from small, mid and large-sized businesses. The participants are composed of decision-makers (Owners, Partners, Presidents, Chairpersons, CFOs, CTOs, Senior Management, Middle Management, Directors and C-Level Executives) from the USA, Canada, Australia & UK.

Fair Use Statement

Feel free to share our study on AI and cybersecurity with others. We just kindly ask that you give credit to our hardworking editorial team by including a link to the original page.

Inquiries