Cyber Resilience in the Age of Gen AI
Cyber resilience is the ability of an organization to continue operating even in the face of cyber attacks. With the advent of Generative AI (Gen AI), companies are facing new challenges. According to a recent PwC survey, only 2% of enterprises have effective cyber resilience measures across their organization. The rest cite the complexity brought by AI as a significant challenge.
The Complexity of Gen AI
Generative AI refers to AI systems that can create content, like text or images, on their own. While this technology has many positive uses, it also introduces complex cybersecurity challenges. As noted by Matt Gorham from PwC’s Cyber & Privacy Innovation Institute, Gen AI creates more unpredictable ways for hackers to attack systems, making it harder for companies to protect themselves.
For example, Gen AI can help detect cyber threats faster, but it can also be used by hackers to make believable fake emails (phishing) or videos (deepfakes). This means even people who aren’t very technically skilled can launch sophisticated attacks.
Threats and Preparedness
The survey highlights four main threats that worry companies the most: cloud-related threats, hack-and-leak operations, breaches from third-party services, and attacks on connected devices. These threats are becoming more common as companies rely more on cloud computing and AI.
Incorporating Gen AI into existing systems can be difficult and can create new vulnerabilities if not managed carefully. The growing attack surface—the range of points where an unauthorized user can try to enter or extract data from a system—has increased due to Gen AI, according to 67% of security executives surveyed.
Internal Challenges and Investments
Internally, many companies are struggling with trust and risk management. A significant number of internal stakeholders (39%) do not fully trust Gen AI, leading to inadequate internal controls and risk management. However, almost 80% of organizations have increased their investment in Gen AI over the past year, showing a commitment to overcoming these issues.
Leadership and Regulatory Challenges
Within the C-suite—the executive-level managers of a company—there is a divide in how to handle cyber risks. Only 13% of organizations feel confident that their top executives agree on compliance with AI regulations. This lack of unity can weaken an organization’s overall response to cyber threats.
Despite these challenges, companies are taking action. Almost all surveyed organizations (96%) have increased their investment in cybersecurity due to regulatory requirements. This shows a growing awareness of the importance of robust cybersecurity measures in an AI-driven world.
