The Cyber Risk Paradigm Shift
In Aon’s first 2024 Client Trends Report, technology is identified as one of the four megatrends impacting businesses around the globe. The report found that 86 percent of business leaders around the globe believe generative AI (GenAI) will be transformative for their company and industry, adding the equivalent of $2.6 trillion to $4.4 trillion annually to the global economy in unleashing operational efficiencies through AI-powered chatbots, translation tools and office applications.
However, the rapid pace of technological change is creating expanded attack surfaces and exposing massive new cyber vulnerabilities. According to Zamani Ngidi, Senior Client Manager for Cyber Solutions at Aon South Africa, organisations may not be fully prepared to tackle the risks associated with digital transformation if they do not also consider the human element in their processes and governance.
“Pockets of experimentation and innovation with these new technologies are sometimes occurring outside of established data governance and cyber security practices, in what is coined 'shadow AI', limiting the visibility of an enlarged digital attack surface. As a result, actionable analytics are more critical than ever and will continue to be the cornerstone of informed decision-making in a rapidly evolving technological landscape,” says Zamani.
One major concern is the use of AI-powered translation tools, which scammers can exploit to create deepfakes, leading to fraudulent payments, especially affecting financial institutions. Additionally, developing effective AI tools requires vast amounts of relevant and up-to-date data, raising issues about data scraping and the protection of personal information, which exposes organisations to regulatory repercussions.
AI in the Workplace
The implementation of GenAI is set to transform the way that we work by automating repetitive and predictable tasks, freeing up employees to direct their attention to decision-making, strategic planning and creative thinking. A paradigm shift needs to occur where businesses direct their efforts towards training their employees and providing them with the tools needed to take on these new roles. In fact, almost 44 percent of CEOs believe their workforces will have to develop new skills to equip themselves for AI-driven business environments.
Training efforts need to create awareness of security protocols and desired data governance when implementing and using AI tools in the workplace. Several drivers are expected to keep cyber-risk top-of-mind for organisations, focusing on:
1. Systemic risks to key strategic industries and infrastructure resulting from the widescale adoption of emerging technology, such as cloud, AI, digital assets and quantum computing.
2. Geopolitical tensions and the use of cyber as a tactic to wage electronic warfare.
3. An increase in regulatory actions from securities, consumer and privacy regulators.
“With the advancement of technologies like AI, cyber threats will continue to evolve, posing significant dangers to organisations and their people. Ironically, the human element will remain the weakest link in the cybersecurity frontlines. By 2025, it’s expected that more than half of cyber events will be caused by human factors while phishing continues to be the most common method for initial network access,” says Zamani.
Unlike some security issues that can be addressed with tools or process changes, there are no quick fixes for transforming the cybersecurity culture within an organisation. “The sophisticated tools and methods used by threat actors will continue to evolve,” says Zamani. “Organisations must adopt a long-term approach to address the human factors that expose them to cyber risk. This approach will involve continuous training, reskilling and upskilling initiatives to enhance engagement and accountability. Both the curriculum and delivery of cyber training need to improve each year, increasing employee knowledge and sophistication regarding cyber risks, rather than treating cybersecurity training as a one-time exercise.”
How Businesses Can Prepare for Change
The adoption and integration of AI, the evolving cyber landscape and the role of data and analytics are all intrinsically linked. Finding a balance means that businesses need to prepare for change:
1. Manage a rapidly evolving risk landscape by using a variety of risk mitigation and risk transfer tools:
• Use data analysis to gauge cyber risks.
• Quantify cyber exposures tied to new tech.
• Enhance controls to lower cyber incident odds.
• Regularly test defences and simulate attacks.
• Decide whether to retain or transfer risk.
2. Align capital and talent strategies by providing growth and development opportunities for the workforce to take responsibility for any transitional technological changes that aid in bringing growth initiatives to fruition:
• Develop workforce skills for tech transitions.
• Foster a change-embracing culture.
• Retain talent crucial for growth initiatives.
3. The implementation of a new initiative, such as a new tool or a cyber security culture program, needs to be undertaken with clarity and accountability:
• Define objectives clearly for new initiatives.
• Establish ownership to drive change.
• Utilise technology and data for risk management.
“As organisations prepare for the next technology frontier, digital tools and access to sophisticated data and analytics will be critical in helping them stay ahead of the curve on current and future risks. With the pace of change accelerating, technology — if harnessed and managed correctly — can be the catalyst that helps businesses realise their growth goals,” Zamani concludes.