Artificial intelligence (AI) and machine learning (ML) offer many benefits for businesses, but wider use of the new technology could, in a worst-case scenario, bring new cyber security risks, according to KPMG’s global survey Cyber Trust Insights 2022.
A global survey conducted by KPMG among executives shows that companies see the benefits of AI and ML in increasing business efficiency and productivity. AI and ML can also be used to better predict customer and market behaviour, KPMG reported.
However, more than three-quarters of KPMG survey respondents, 78 percent to be precise, agree that AI and ML raise cyber security challenges. Almost as many (76 percent) believe, there are fundamental ethical questions to resolve as they adopt these technologies and say organisations will need to communicate more openly about how they are managing those issues.
“The risk is that AI and ML will increase cyber security and privacy risks if used inappropriately, which could damage companies’ reputation and lead to regulatory sanctions. The solution is cyber security and data protection teams working together to avoid these risks,” Mihkel Kukk, Head of Cyber Security Services at KPMG, said.
In addition, the survey showed that over 80 percent of executives recognised the importance of improving cyber security and data protection as the executives consider them one of the biggest risks companies face. Almost two-thirds of the respondents see information security as a risk-reduction activity rather than a business enabler. Moreover, more than half of the respondents say that senior leaders do not understand how better information security can help to enhance trust in the company and provide a competitive advantage.
According to the survey, one-third of executives find that a company’s Chief Information Security Officer (CISO) is not viewed as a key executive and has less influence than they need to protect the organisation and its data. Half of the executives doubt that the relationship between the board and the CISO is characterised by ‘high trust’. “In a situation where cyber-attacks have become commonplace, a stronger position of the CISO in the company is essential, and they should be part of the management team. The CISO should not be just a technical expert, as the board and the extended management team are not equally competent in technical details. The CISO can perform their role effectively if they are allocated the necessary budget and are trusted by management. It is unlikely that they are able to perform this role well by trying to resolve technical issues only. As executives see cyber security as one of the biggest risks that companies face, we can expect to see a change in their attitudes,” Kukk stressed.
In the KPMG Cyber Trust Insights 2022, 1,881 executives were surveyed, and a series of discussions was conducted with corporate leaders and professionals from across the world to explore the extent to which the C-suite recognises the importance of cyber security, how they are meeting the challenge, and what they need to do next. The survey results are available in PDF format here.
KPMG is a global network of firms providing audit, tax, legal and advisory services. KPMG member firms operate in 144 countries and territories and collectively employ more than 236,000 partners and people. In Estonia, KPMG has been operating since 1992 and currently employs more than 250 staff. Nearly 2,000 professionals work for KPMG Estonia’s partner firm KPMG Finland and almost 6,000 in KPMG member firms in other Nordic countries.
Head of Cyber Security
mihkelkukk@kpmg.com
+372 521 4332
By implementing artificial intelligence, the quickest returns are achieved thro..
IT or cyber security training is more engaging when delivered by trainers who a..
When planning your cyber defence strategy, it’s crucial to recognise that vulne..
The escalating complexity and frequency of cyberattacks pose a critical risk to the stability of f..
According to The Forrester Wave: Cybersecurity Consulting Services in Europe, Q1 2024.
We are excit..
The line blurring between work and spare time, and the widespread use of remote work mean that peo..
Provide a safe and sustainable business environment for your company. We help build a resilient and reliable digital landscape, even in the face of changing threats.
Analysis of employee awareness focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.
Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.
Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.