The rapid rise of generative AI is creating ever smarter cyber attacks, while companies worldwide are lagging in their defenses. According to a new report from consulting house Accenture, only 10 percent of organizations are prepared for AI-driven cyber threats.
The study , based on a global survey of more than 2,200 technology and security executives, shows that 90 percent of companies lack sufficient strategy or capacity to deal with modern threats. Sixty-three percent lack even a basic cyber strategy.
Protection of data and AI systems also falls short. For example, 77 percent of respondents say they do not have basic security measures in place for their models, data and cloud infrastructure. Only one in five organizations think their generative AI systems are well protected against attacks.
In addition, generative AI is still hardly used in a safe way. Less than a quarter of companies have policies or training in place for responsible use, and most lack visibility into exactly which AI models are being used, increasing the risk of misuse.
The report also identifies increasing pressure on security teams. The average organization suffered nearly 1,900 cyberattacks in the third quarter of 2024, up 75 percent year over year. Attackers are now using AI to circumvent traditional security, such as through deepfakes or smart malware that spreads itself.
On top of that, there is a persistent shortage of qualified personnel. Four in five executives cite lack of manpower as one of the biggest obstacles to improved cyber resilience.
According to Accenture, on average, companies are investing 1.6 times as much in generative AI as they are in security - a gap that could even reach 2.6 times by 2025. That's risky, because companies that do have their security in place are found to be nearly 70 percent less likely to suffer advanced attacks.
The recommendation: make AI security a top priority, integrate security into software development, and strengthen human and technology with training, monitoring and automation.
