AI is transforming cybersecurity
Human vulnerability
Combining AI and technical expertise
AI-based cyberattacks are not an issue for the future, but one that must have an immediate impact on cybersecurity strategies. Most specialists and managers believe that prompt investment is necessary to improve protection.
Karim Azer-Nessim
Director Cyber Security
Artificial intelligence (AI) is transforming the cybersecurity business – for both the angels and the demons. Cybercriminals are using generative AI (GenAI) to individually tailor and scale attacks. However, companies and public authorities are also harnessing the strengths of AI and incorporating the technology into their IT security. How do businesses and public authorities assess the threat posed by hackers? What influence does GenAI have? And how can organisations use AI to protect themselves effectively? Sopra Steria Discover provides the answers – with key findings on this website as well as expert interviews and further insights in the free report.
download the report now
The use of AI in cybercrime is threatening the IT security of companies and public administrations more than ever. GenAI in particular poses a challenge to organisations: Cybercriminals are using the technology to personalize and automate their attacks. With the help of language generation driven by GenAI, they can make the ‘grandchild trick’ appear more authentic, for example. Artificial intelligence also enables them to analyse relationships in social networks quickly and easily. This allows them to target their attacks even more individually.
of the specialists and managers surveyed believe that the malicious use of AI has drastically raised the threat level in the digital space.¹
of professionals and executives surveyed say that cybercriminals use AI significantly better to attack than organisations do for defending or preventing an attack.¹
In light of the new possibilities, companies and public authorities are becoming increasingly concerned that the balance of power is shifting towards the attackers. The specialists and managers surveyed are of the opinion that cybercriminals are much better at using AI to attack than companies are at defending themselves. However, there are also positive signs, as awareness of AI-based cybersecurity is growing. One third of the organisations surveyed are planning to adapt their own cybersecurity strategy to the AI era, while almost as many companies and authorities are preparing to use AI to improve their IT security. After all: “It takes a network to defeat a network.”
¹ Specialists and managers; n = 564Source: F.A.Z-Institut, Sopra Steria
of the specialists and managers surveyed intend to adapt their cybersecurity strategy to AI.¹
of the specialists and managers surveyed are preparing to use AI in cybersecurity.¹
of the specialists and managers surveyed say that without the use of AI in cybersecurity, organisations will stand no chance against cyberattacks in the future.¹
Learn how AI is reshaping the cybersecurity landscape for businesses and public authorities. Equip your organization with the knowledge to leverage AI effectively and counter the threats of tomorrow.
¹Multiple answers possible with a maximum of three answers; depiction of the three most frequent response categories; Specialists and managers; n = 564Source: F.A.Z.-Institut, Sopra Steria
of the employees surveyed report more phishing messages.¹
of the employees surveyed state that phishing messages by AI can hardly be recognized as such any more.¹
Inappropriate employee responses to phishing and social engineering attacks remain the biggest weaknesses in company cybersecurity, according to the specialists and managers surveyed. This is worrying, because AI makes it easier than ever for cybercriminals to exploit this vulnerability. One reason for this is the use of AI as a service (AIaaS). This can be used, for example, to generate credible phishing emails on a massive scale. The aim of hackers is to gain access to passwords or account data via employees. They are becoming increasingly efficient in their approach, as our representative employee survey shows.
¹Employees; n = 1,003Source: F.A.Z.-Institut, Sopra Steria
Would you have recognized it? This video shows a non-real person speaking with a cloned voice. Both the voice and the appearance of real people can be cloned using AI in a very short time and used for attacks. We invested about 15 minutes and 15 euros in the creation of this video. Imagine what you would see if it had been a day and more money?!
The increasing use of AI tools by the key vulnerability, humans, is also a threat. According to a study by Microsoft, 75 per cent of knowledge workers worldwide use AI at work. 78 per cent of them access their own private applications, thereby overriding company guidelines on AI usage. This entails significant risks for data security. However, the organisations surveyed are not yet sufficiently aware of this fact. Only a quarter of specialists and managers classify the use of ChatGPT, DeepL & Co. as a significant risk to their own IT security. At the same time, our representative survey of employees revealed that two-thirds of the working population in Germany use AI in a professional context. This is despite the fact that, according to employees, less than half of employers regulate the use of AI tools transparently. Do you want to know how you can protect yourself against AI-based phishing attacks? Our report provides the answers.
of employees surveyed statethat their employer does not regulate the use of AI applications (transparently).¹
of the specialists and managers surveyed see the unregulated use of AI tools such as ChatGTP & Co. as a threat to cybersecurity.²
of employees surveyed use AI applications such as ChatGPT, Midjourney or DeepL in their daily work.¹
¹ Employees; n = 1,003Source: F.A.Z.-Institut, Sopra Steria
Develop guidelines for the use of AI applications in everyday working life and sensitize your employees to AI-supported phishing attacks.
Examine the options for using AI to support repetitive and time-consuming tasks so that your employees’ time and energy can be fully invested in more complex tasks.
Use the possibilities that AI offers to personalise test attacks or adapt awareness campaigns to new attack patterns.
of the specialists and managers surveyed say that cybersecurity is a strategic issue that is considered in every new process they set up in their organisation.¹
of the specialists and managers surveyed want to invest more in cybersecurity, as cybercrime has reached a whole new level due to AI.¹
With the growing threat of cybercrime, companies and authorities are also becoming increasingly aware of the need for strategically planned IT security. In around three quarters of the organisations surveyed, cybersecurity is currently seen as a strategic issue that must be considered in every new process that is set up. Nevertheless, concerns about hacker attacks are considerable: Many organisations lack IT security experts and the corresponding expertise. Almost half of the specialists and managers surveyed are convinced that cybercrime has reached a whole new level due to AI and are taking this as an opportunity to invest more in cybersecurity.
When it comes to the fight against AI-based cybercrime, the respondents agree: IT security is a joint task. Cybersecurity experts are rare. Specialists and managers would therefore like to see greater cooperation between the various authorities, research institutes and companies. However, AI is also seen as an important tool for strengthening an organisation’s own cyber resilience. There is great potential, especially when it comes to identifying attacks at an early stage: Machine learning helps with pattern recognition and can identify anomalies that are often barely visible to humans. AI can optimize automation tools to contain and push back attacks before hackers can access data. Find out more in our report.
of the specialists and managers surveyed agree with the statement that cybersecurity is a joint task. To protect themselves effectively against cyberattacks, organisations should work together and stop poaching cybersecurity experts from each other.¹
Develop a security strategy that ensures that the organisation, processes and technology can adapt to changing risks.
Always plan preventive, active and reactive elements into your cybersecurity strategy.
Continuous monitoring of IT systems helps to detect threats before damage occurs.
The earlier you detect attacks, the faster and more effectively you can react.