IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Ransomware
#
IT Training
#
Phishing

Rise in AI-driven cyberattacks prompts urgent action for SMEs

Today
Author image
By Shannon Williams, Journalist

Two thirds of organisations globally have reported an increase in cyberattacks over the past year, according to findings from the 2024 Cyber Readiness Report by Hiscox.

The report highlights that 67% of surveyed businesses experienced a rise in cyberattacks, with more than a third expressing concerns that their cybersecurity measures are falling behind due to a lack of expertise handling emerging technology risks, including those linked to artificial intelligence (AI).

AI's impact on the cybersecurity threat landscape was highlighted by Durgan Cooper, an AI specialist who has provided advice on cybersecurity to the House of Lords. Cooper stated, "AI is lowering the barrier to entry for more complex attacks. AI-generated content and adaptive malware are now more accessible, which has led to a rise in targeted attacks and social engineering. Attackers also use AI to learn network behaviours faster, shortening the timeline between the initial breach and then the attack itself, which on average is over 180 days."

Expanding on the issue, Cooper added, "AI is very good at exploiting vulnerabilities in poorly protected databases and systems, and of course for misconfigurations made by human error. Phishing emails will increasingly be used to target unsuspecting employees."

The report found that 34% of firms said their defences had been compromised due to insufficient expertise in handling new technological threats. Cooper noted the role of employee preparedness, stating, "The quality and sophistication of AI today makes phishing and ransomware campaigns more convincing. This shift means that businesses must enhance the employee training, which I hope they are already receiving, with additional insight into how to recognise AI driven social engineering."

Alana Muir, Head of Cyber at Hiscox, emphasised the importance of widespread vigilance among enterprises of all sizes. She stated, "Small businesses may overlook cybersecurity training, believing they're less likely to be targeted compared to larger companies. However, cyberattacks can impact businesses of any size. Empowering your employees to spot the signs of an attack is a strong line of defence to maintain secure daily operations."

Phishing was identified as the principal cause of cyberattacks, comprising an estimated 90% of incidents, with AI-generated attacks making phish attempts increasingly sophisticated. As awareness grows, Hiscox's Cyber Readiness Report reveals that almost two thirds—64%—of business leaders believe generative AI will play a defining role in their cybersecurity strategy by 2030.

To respond to these evolving risks, Cooper, who is also Chairman of technology solutions provider CETSTAT, and Muir outlined five practical steps for small and medium-sized enterprises (SMEs) to enhance their cyber resilience.

First, they recommend technical protections through the government-backed Cyber Essentials certification. Cooper commented, "All businesses should undertake Cyber Essentials as a solid cybersecurity foundation."

Second, businesses are advised to monitor networks for unusual activity and invest in Security Operations Centre (SOC) services. Cooper explained, "Businesses must monitor networks to identify abnormal behaviour and invest in Security Operations Centre (SOC) services to investigate anomalies and respond quickly." He added that SOCs are "becoming more mainstream, rather than just a product reserved for large organisations."

Third, organisations should regularly apply patches and updates to their systems, as outdated software is more susceptible to cyberattacks. Timely updates are considered one of the simplest and most reliable methods to close vulnerabilities.

Fourth, Muir advocated for safeguarding businesses with cyber insurance. She explained, "All businesses are at risk of cyberattacks as threats evolve in line with AI developments. Cyber insurance not only provides financial protection in the event of a breach but also gives businesses the resources to recover swiftly."

Fifth, the enhancement of employee training was highlighted as critical to counter increasingly convincing AI-powered phishing scams. Ongoing development is seen as essential to help employees recognise and respond to sophisticated threats.

The data and opinions shared in the report and by industry experts underscore the need for businesses of all sizes to take active steps in response to the growing risk posed by AI-enabled cybercrime.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
GenAI promises manufacturing boost but firms lack readiness
Cyberattacks on UK retail giants spark security concerns
Netgear unveils new business strategy with AI & AV growth
TeamViewer launches DEX Essentials for smaller businesses
Half of UK firms regret AI job cuts, turning to reskilling
Top stories
UK shoppers willing to pay more for connected experiences
Skillvue raises USD $6.3 million to scale AI skills platform
Cloudhouse & ServiceNow join forces to boost IT governance
Trend Micro launches AI threat detection for enterprise security
Survey finds trust, safety & security key for CX in 2025