Kroll research finds AI innovation is surging while security fundamentals lag

AI Basics


Kroll releases a global cyber resilience study that reveals the rapid adoption of artificial intelligence is dramatically outpacing governance, security controls, and incident preparedness.

Kroll Jersey managing director Ed Shorrock believes the findings should resonate with businesses in the Channel Islands, particularly in the financial services sector, where AI adoption is most prevalent.

This research shows that AI, especially agent AI, has forever changed the threat model. Research shows that while AI is becoming embedded throughout enterprise operations, 76% of enterprises have experienced a security incident related to an AI application or model in the past two years.

The study found that organizations lack the basic security practices and governance frameworks necessary to safely and effectively deploy AI, with nearly one-third (27%) paying more than $1 million in costs related to AI-related security incidents.

This shows that while there is a desire to incorporate the potential of AI into security infrastructure, 90% of survey respondents identified barriers preventing further investment in AI security. A lack of clear ROI, insufficient management understanding of AI risks, and a belief that current measures are sufficient account for 40% of these barriers.

The study found that despite the rapid rise in attacks, most organizations are inadequately prepared for AI threats.

  • Organizations spend an average of 13% of their AI initiative budgets on using AI to test security controls or the models themselves. This leaves significant gaps in the AI ​​security posture and creates a disconnect between AI adoption and AI security investments.
  • Companies with highly mature security practices are six times more likely to spend 20% or more of their AI budget on testing security controls.

The study also showed that as an organization’s cyber maturity increases, the likelihood of an AI-related security incident decreases significantly.

  • 89% of organizations with very low cyber maturity experience an AI-related security incident.
  • In contrast, 54% of organizations with very high cyber maturity have experienced an AI-related security incident.
  • Additionally, 46% of highly cyber-mature organizations reported zero AI-related cyber incidents in the past two years, demonstrating that a solid security foundation directly translates into AI security resiliency.

Ed Shorrock (pictured), joint managing director of Kroll’s Jersey office, said: “Organizations in the Channel Islands are under pressure to deploy AI to respond faster and more accurately to increasingly complex threats. We’re seeing companies in the island’s financial services sector in particular keen to embed AI into their operations, but not getting the basics right first can create dangerous security liabilities.”

“AI is not inherently risky. Without the right underlying security in place, AI can amplify existing security weaknesses. Secure architecture, identity management, incident response, security culture – these are not constraints on innovation, but enablers of it.”



Source link