Nine in 10 Canadian CEOs worried new tech will make them more vulnerable to breaches: report
Canadian employers have a pressing need for better cybersecurity amid the rise of generative artificial intelligence (AI), finds a recent report from KPMG. Overall, just 56% of Canadian CEOs believe their companies are prepared for a cyberattack today, and 93% are worried that the emergence of generative AI will make them even more vulnerable to breaches.
Despite this, 75% of Canadian CEOs are making generative AI a top investment priority.
"Generative AI can help organizations bolster their security posture and gain efficiencies while doing so. However, the reality is cybercriminals will increase the use of generative AI in their attack strategies as well, and they can be much faster at adopting the technology than large organizations are,” said Hartaj Nijjar, partner and national leader of KPMG in Canada's cybersecurity practice.
“What that means is we're likely to see more generative AI-enabled attacks particularly through social engineering, where deepfakes can be deployed to fool employees into compromising company data, and bypassing traditional access methods."
Cybercriminals upped their activity in the first half of 2023 compared to the previous year, and one thing that’s fuelling the increase in cyber attacks is companies’ adoption of AI, according to a previous Trend Micro report.
What makes employers underprepared for cyber attacks?
Canadian employers are underprepared for a cyber attack for the following reasons, according to KPMG International's latest CEO Outlook, based on a survey of 1,325 CEOs between Aug. 15 and Sept. 15, 2023:
- 38% cited vulnerable or legacy systems or infrastructure (20% globally)
- 25% cited increasing cyber threat and attack sophistication (34% globally)
- 19% said lack of investment in cyber defences (15% globally)
- 13% said shortage of skilled personnel (24% globally)
- 6% said cybersecurity is not regarded as a business priority (7% globally)
And many among them have fallen prey to cybercriminals. Six in 10 companies said their company paid a ransom to cybercriminals in the last three years, and 59% said their company doesn't have a plan to address a potential ransomware attack (up from 32% last year).
Most organizations are "slow" to respond to the threat of generative AI in workplaces, despite the risks being broad and interconnected, according to another study.
AI a ‘double-edged’ sword
How are employers looking to better secure themselves from cybercriminals? By investing in AI: 80 per cent of SMBs said they are considering using AI to bolster their cybersecurity defenses and feel they have a good understanding of the risks associated with it and how to manage it.
This is the case even though 81% SMBs feel that generative AI is a "double-edged sword" that could help their organization better detect and respond to cyber threats while simultaneously increasing the number of cyberattacks by providing new attack methods for criminals, according to KPMG in Canada's Private Enterprise Business Survey. The study surveyed 700 Canadian SMBs between Aug. 30 and Sept. 25, 2023.
Organizations looking to bolster their cybersecurity defenses with generative AI need to first assess which areas of their cyber controls can be augmented to maximize efficiency and security, said Nisal Samarakkody, a partner in KPMG's cybersecurity practice who specializes in the use of artificial intelligence to tackle cybercrime.
"Successful implementation and enablement of AI capabilities – including generative AI – is a journey that starts with optimizing existing cybersecurity controls, understanding gaps, readiness, and investing in emerging capabilities in line with the evolving cybersecurity landscape and organizational boundaries,” he said.
“Without that, organizations may not be able to leverage generative AI to its full potential, and they risk falling behind their peers and being vulnerable to complex threats.”
Employees continue to eye generative AI with anxiety, according to a previous report.