AI adoption “set to unravel years of cyber resilience” asserts e2e-assure

Comparing this year’s findings with e2e-assure’s research from last year, cyber risk owners have made positive changes to improve their resilience, with 29% of organisations confident that they are resilient. That’s up 7% from last year.

While those that have made investments in strong processes, technology and training have increased their resilience posture, the adoption of AI could be putting UK businesses at risk. Most cyber risk owners (81% of them) admitted they are concerned about AI and the lack of employee diligence (73%) in mitigating cyber attacks.

The research highlights that 62% of workers have used ChatGPT or Copilot in some capacity, with a significant 41% using one of these tools at least once every week. This rapidly evolving technology is often being adopted by employees without permission.

Although 85% of cyber risk owners said they are feeling confident about the success of those AI-centred policies put in place, the research reveals a significant discrepancy between the actual and perceived effectiveness of AI policies between employees and cyber risk owners. In fact, only one-in-three (34%) employees are even aware of AI policies in their workplace.

This ‘mismatch’ between cyber risk owners and employee knowledge around AI policies is extremely dangerous. Considering 43% of employees said they have personally been a victim of a cyber attack at work, and around half of those (23%) have experienced an attack in the last 12 months, using unapproved AI solutions that contradict company policies is creating a high level of concern.

According to analyst Gartner, 69% of employees have bypassed cyber security guidance in the last 12 months, while 74% said they would be willing to do so if it helped them to achieve a business goal.

e2e-assure’s research findings support this theory, with cyber risk owners seeing employees as a high-risk factor. 73% agreed with the assertion that most cyber attacks come through a lack of employee diligence and cited the use of unauthorised software as their top frustration (30%).

Fragmentation of technology

Rob Demain, CEO at e2e-assure, said: “Our research has investigated the cyber resilience landscape in the UK and drilled down into how AI is set to impact UK businesses’ cyber defences. Gathering insights from 1,000 employees and over 500 CISOs and decision-makers or cyber risk owners, the report provides insight on the performance of security operations and the advancements being made when it comes to cyber crime.”

Demain continued: “What’s clear is that the fragmentation of technology, which encompasses this year’s stratospheric rise of AI, hasn’t helped when it comes to building cyber resilience. In fact, AI could be about to unravel everything that’s been so hard fought for and won, in turn placing UK businesses at risk. Undoubtedly, the need for ongoing education and training in this field will be pivotal in the months and years ahead.”

When employees were asked about the consequences of falling for a cyber attack, over half (59%) said they either receive training and a risk disciplinary if they cause another breach (32%) or are required to attend training (27%). While training is happening, less than a quarter (24%) of employees would describe themselves as ‘very engaged’ in the process.

Although, as a whole, organisations are feeling more confident in their resilience than was the case in 2024, the findings show that it’s vital for cyber risk owners to start looking at their resilience picture from the ground up, with three key recommendations emerging:

*Keep employees at the centre of the security strategy

*Keep security for end users simple

*Have the right solutions provider in place

*Read the full e2e-assure report online at https://e2e-assure.com/futureproofing-ai-adoption/