EY Alert: Half of Leaders Overwhelmed by AI Cyberattacks
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
A recent report from consulting firm EY highlights a familiar pattern in the business world: while companies are eager to integrate artificial intelligence (AI) into their operations, they struggle to define a clear path to achieve this. This difficulty is particularly pronounced in the field of cybersecurity, where AI-powered attacks pose an increasing risk.
Key Insights
The report emphasizes that AI-driven cybercrime is perceived as a serious threat by the majority of companies. Despite this awareness, many feel inadequately protected and lack a clear strategy to bolster their defenses. EY proposes key steps to enhance cybersecurity.
AI-enabled cyberattacks are unanimously regarded as a significant threat to businesses today. However, for financial and logistical reasons, many organizations believe they are not sufficiently prepared. They lack a clear roadmap to strengthen their internal defenses, according to a report published Thursday by EY. This report, based on a survey conducted in December among over 500 cybersecurity leaders across various sectors, reveals that 96% of respondents view AI-enabled cybersecurity attacks as a significant threat to their organization. Yet, less than half of these leaders, specifically 46%, express high confidence in their current cybersecurity mechanisms to counter this threat.
Moreover, the majority of respondents, 67%, report that they are still in the pilot phase of developing their strategy to protect their organizations against this new wave of cyberattacks. However, according to Ganesh Devarajan, head of cybersecurity risk at EY Americas, the pilot phase is insufficient in a world where AI continuously provides cybercriminals with new means of attack. "We are navigating a unique landscape where AI arms the digital environment while also strengthening our defenses," he told ZDNET. "If I were to speak to an information security officer today, my advice would be simple: the time for waiting and seeing is over. Protecting a business now means building a holistic strategy where AI and employees not only work side by side but also amplify each other's strengths."
An Intersectoral Plateau
Cybersecurity is not the only area where companies experimenting with AI fail to launch robustly and meaningfully. Despite high interest in using technology internally, many companies struggle to do so in a way that generates real returns. Organizations are stuck on a sort of plateau as they attempt to transform internal AI initiatives into sustained growth; the willingness is there, but the path is often unclear.
A frequently cited study from MIT, published in August, revealed that 95% of companies' internal AI initiatives had failed to deliver substantial returns on investment. This was a wake-up call for AI developers and their business clients. In summary, something in the current approach to deploying AI within organizations was not working.
A few months later, a survey conducted among thousands of business leaders in 21 countries revealed that a vast majority, 87%, claimed that AI would "completely transform" the way their organization conducts its work in the coming year, but only 29% stated that their teams possessed the necessary skills and training to achieve this goal.
Cybersecurity Obstacles
These two themes were echoed in EY's new report. Broadly speaking, the consulting firm found that while most senior cybersecurity professionals are fully aware that AI is rapidly equipping their adversaries with new, more sophisticated modes of attack (such as phishing and deepfake scams), they are hindered by a lack of a clear plan to strengthen their internal security.
Financial constraints were identified as a significant issue: 85% of respondents to EY's survey stated that their employer's current cybersecurity budget is insufficient to address AI-enabled threats. Conversely, EY also found that the number of organizations dedicating at least 25% of their cybersecurity budget to building AI-powered solutions is expected to rise from 9% today to 48% over the next two years.
The consensus seems to be that the best way to combat new AI-powered cyber threats is to use AI-powered defenses as well—a trend that has already begun to manifest in the financial sector.
Four Recommendations
What can cybersecurity experts do right now to address this new wave of AI-driven threats? EY highlighted four key areas they should focus on:
-
Budgets need to be revised "to prioritize AI-powered cybersecurity."
-
Instead of trying to use a plethora of AI to automate specific tasks—which, according to EY, constitutes a bottleneck preventing companies from moving beyond the pilot phase—organizations should adopt an "orchestrated and agent-driven" approach. In other words, implement a top-down control model for the internal use of AI so that cybersecurity leaders can easily visualize the actions of AI agents and correct them if necessary.
-
Teams must "invest heavily" in training their existing employees to collaborate safely and effectively with AI agents.
-
Adopt an arms race mentality to maintain internal safeguards, as AI-assisted cyber defenses improve, so too will the tactics deployed by AI-assisted cybercriminals. "Organizations that view governance as a living system—continuously improving and integrating into culture and operations—are best positioned to build trust, manage emerging risks, and translate AI innovation into a sustainable competitive advantage."
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.