Generative AI may lead to catastrophic cyber attacks in the next 12 months - says PwC 2024 Irish Digital Trust Insights Survey

PwC’s 2024 Digital Trust Insights survey found that the proportion of businesses around the world that have experienced a data breach of more than €1M has increased by a third in 2023 compared to 2022 - from 27% to 36%.

The survey of nearly 4,000 business and tech leaders across 71 countries, including Ireland, focusing on how the technology and security landscape is evolving, finds that Irish companies are most concerned about cyber threats such as third-party breaches, ransomware, and business email compromise. In particular, survey respondents are of the view that GenAI will lead to catastrophic cyber attacks in their organisation in the next 12 months. Irish organisations need to step up their investments in cybersecurity even further to protect against cyberattacks. This press release deals with the Irish survey results. 

Leonard McAuliffe, Partner, PwC Ireland Cyber Practice, said: “The survey shows that cybersecurity continues to be top of mind for Irish business leaders, and now more than ever. Business leaders need to be agile and adapt to the changing market.  With emerging tech developments such as Artificial Intelligence hitting the market in transformative ways, executives must challenge the status quo by building security into the fabric of their organisations instead of reacting once there is a crisis.”

Cyber budgets in 2024 in Ireland set to increase, but not at the same pace as global peers 

Nearly seven out of ten (69%) Irish respondents reported that they will increase their organisation’s cyber budget in the year ahead but lag global peers (80%). Just 28% reported that they usually allocate their cyber budget to the top risks of the organisation (Global: 33%). Key investment areas include regulatory compliance, simplifying and integrating cybersecurity technologies, moving towards a ‘Zero Trust’ strategy and deploying generative artificial intelligence (GenAI) for security.  

Third-party breaches top cyber threat concerning Irish Organisations 

Malicious groups are continuing to target relationships between organisations and their suppliers to gain access to the organisation's network or sensitive data through alternate channels. Not surprisingly, third-party breaches (42%) is the top cyber-related threat reported by Irish respondents, followed by ransomware (37%). Globally, the top cyber threat identified by respondents emerged as cloud-related threats (47%). Outsourcing to third-party service providers, including cloud providers, leads to a more complex cybersecurity risk profile but worryingly, the survey reveals that less than two-thirds of respondents have implemented a plan to manage the risks associated with cloud service providers.

Over half of Irish respondents expect GenAI to lead to catastrophic cyber attacks in the next 12 months

GenAI has emerged at the top of senior executive’s agendas for the next 12 months. 58% of the survey’s Irish respondents expect their business to deploy GenAI for cyber defence over the coming 12 months (Global: 69%). GenAI tools can help reduce the disadvantage for cyber teams overwhelmed by the sheer number and complexity of human-led cyber attacks, both of which continually increase. However, the survey also highlights an increasing concern about the rise of GenAI as it relates to cybersecurity. For example, over half (53%) of Irish respondents expect GenAI to lead to catastrophic cyber attacks in the next 12 months (Global: 52%). Another surge in cyber threats may be coming due to the power ofGenAI helping to create advanced business email compromise at scale. 

Concerningly, less than half (45%) of Irish respondents reported to understand the cyber risks related to GenAI and have included it in their formal risk management plans—significantly less than their global counterparts at 58%. 

At the same time, many Irish business leaders were positive about the potential of GenAI, though in some cases less so than their global peers: 

• 77% agreed that GenAI will help their organisation develop new lines of business within the next three years (Global: 77%);

• 59% agreed that employees’ personal use of GenAI will lead to tangible increases in their productivity within the next 12 months (Global: 74%);

• 61% agreed that GenAI-driven processes within their organisation will increase employees’ productivity within the next 12 months (Global: 76%).

Leonard McAuliffe, commented: “Organisations should adopt a responsible approach to GenAI and how it is used to enhance cybersecurity to ensure it is appropriately used. Although it’s often considered a function of technology, human supervision and intervention are essential. When they begin working with GenAI, along with security and privacy risks, business leaders must now account for additional areas of risk, including ethical and human risk - and ask themselves: does it feel right?”  Business leaders need to be aware of the risks associated with GenAI and ensure the correct governance is applied in the implementation phase.”

“The technology could also help enhance cybersecurity programmes by plugging skill gaps in a competitive talent market and supporting automated responses to critical incidents.”

Focus on regulation

Half (50%) of Irish respondents plan to prioritise compliance with regulations in their cyber budget, ahead of global peers (31%). The stringent regulatory requirements being placed on European organisations may be a factor in businesses prioritising compliance as the EU aims to harmonise and enhance cybersecurity across the continent.

Over half (56%) of Irish senior executives ranked the mandatory reporting of cyber risk management, and associated compliance and governance, as the top area of regulation that will affect future revenue growth (Global: 35%).  Over three-quarters (78%) said that greater digital, AI and data protection regulation will have significant additional compliance costs (Global: 74%). 

Ireland lagging global peers on Zero Trust strategies 

One of cybersecurity’s hottest topics right now is Zero Trust, a principle centred around putting data at the heart of security and risk-based decision making. The PwC Digital Trust Insights Survey 2024 shows that senior executives recognise the potential benefits of a Zero Trust strategy. However, the survey highlights that Irish respondents have been slower off the mark than their peers globally in embedding this modern approach to cybersecurity. Just 53% of Irish respondents reported to have adopted and implemented Zero Trust principles in their cybersecurity programme (Global: 76%).

ENDS