• Mimecast has released its ninth annual State of Human Risk report.
• It found that 72 percent of South African organisations are concerned about AI being used as an attack vector against them.
• 62 percent of respondents also noted that the adoption of a formal cybersecurity strategy has significantly improved their organisation’s risk level.

While the fervour around AI and its ability to disrupt nearly all industries shows no signs of dying down, there are growing concerns about AI being leveraged by cybercriminals to create more invasive and persistent cyberattacks.

This concern is seen in the latest State of Human Risk report issued by Mimecast, now in its ninth iteration, which shared insight from a global survey of 1 100 IT security and IT decision-makers, including South Africa’s private sector.

According to the report, 72 percent of South African organisations are concerned that AI will be leveraged in order to create vectors to attack them.

It is clear that many are contemplating the implications of AI within their industry, but they are also cognisant of how being proactive is for the best. Here, the report explains that 62 percent of respondents say that the adoption of a formal cybersecurity strategy has significantly improved their organisation’s risk level.

That said, Mimecast pointed out that security leaders are still grappling with an increasingly complex threat landscape.

“While only 50% say that their organisation is using AI to help defend against cybersecurity attacks and/or insider threats, 83% express concerns about the potential for sensitive data leaks via GenAI tools. More than half say they are fully prepared with specific strategies for AI-driven threats (55%),” shared Mimecast in a release with Hypertext.

“You can’t stand there trying to put your finger in the hole of a dam. You’ve got to embrace it,” said an unnamed head of IT in the report regarding AI security readiness. “I think [it] will evolve quickly, and we’ll have to embrace it quickly as well. You’ve got to always keep one step ahead of the game, [and] we’re looking to vendors to help us with that,” added an anonymous IT director.

As part of readiness strategies, one element still needs to be accounted for – the workforce. On this front insider risk, both intentional and unintentional, is something that security departments must continue to take heed of.

According to local respondents, an average of 25 insider-driven data exposures, losses, leaks, and theft events occur in a month. The report also found that the average insider-driven event costs an organisation $14.2 million (~R256 million).

In order to meet these growing concerns around cyberattacks, organisations need to budget more, the report found.

Further to this 86 percent of respondents said their organisation’s cybersecurity budget has increased in the last 12 months, however, additional budget is required for cybersecurity staff and third-party services at 67 percent, email security at 52 percent, and collaboration tool security at 47 percent, feedback from the report indicated.

“Security leaders now face mounting challenges, from insider threats and expanding attack surfaces in collaboration tools to AI-powered cyberattacks. While proactive measures are essential, effectively managing human risk, implementing tailored employee training, and strengthening defences against business email compromise (BEC) remain critical,” explained Brian Pinnock, VP of Sales Engineering at Mimecast.

You can download the latest State of Human Risk report for yourself here.

[Image – Photo by Wesley Tingey on Unsplash]