Top Highlights
-
Costly Breaches from Shadow AI: One in five organizations reported cyberattacks linked to unmonitored AI tools, resulting in breaches costing an average of $670,000 more than those with minimal shadow AI involvement, according to IBM’s report.
-
Weak Security Measures: A significant 97% of organizations facing AI-related breaches lacked proper access controls, highlighting pervasive weaknesses, particularly in authentication.
-
Widespread Governance Gaps: 63% of companies affected by breaches did not have an AI governance policy, and even those with policies lacked critical components like approval processes and robust access controls.
- Increased Use of AI in Attacks: Attackers frequently utilized AI tools for phishing and impersonation, with generative AI significantly accelerating the process of creating convincing scams.
Understanding Shadow AI and Its Costs
A new report from IBM highlights a troubling trend: unmonitored artificial intelligence tools, or “shadow AI,” are driving up the cost of data breaches. Specifically, one in five organizations surveyed experienced cyberattacks linked to security flaws in their AI systems. These attacks cost around $670,000 more than breaches at companies with limited AI use. This situation underscores a key vulnerability in many businesses today. While only 13% of organizations acknowledged breaches involving AI tools, a staggering 97% admitted to lacking proper access controls.
Addressing these gaps proves essential as the risk of attack escalates. Weak authentication measures often leave AI platforms exposed. Many of the reported breaches started with supply-chain intrusions, where hackers accessed AI tools through compromised applications and plug-ins. This emphasizes the need for businesses to adopt basic security measures, such as implementing zero-trust principles and network segmentation. Without these protections, attackers can easily compromise not only AI systems but also further stores of data.
The Challenge of Implementing Governance
Despite the clear evidence linking secure AI management to reduced breach costs, many organizations hesitate. Sixty-three percent of companies affected by breaches lack an AI governance policy. Some are in the process of developing these policies, but many that exist remain inadequate. For instance, fewer than half have a formal approval process for AI deployments. Alarmingly, 62% of organizations fail to implement strong access controls on their tools.
Moreover, only a third of companies with AI governance policies routinely check their networks for unsanctioned tools. This negligence allows “shadow AI” to flourish and contributes to higher breach costs. Hackers already leverage generative AI to enhance their attacks. For instance, they use AI-generated phishing emails more effectively, reducing the time required to craft convincing messages from 16 hours to just five minutes. As organizations grapple with the growing landscape of AI tools, they must prioritize robust security to foster a safer digital environment.
Stay Ahead with the Latest Tech Trends
Dive deeper into the world of Cryptocurrency and its impact on global finance.
Explore past and present digital transformations on the Internet Archive.
Cybersecurity-V1
