Gap in AI Threat Awareness Leaves Business Teams Open to Attack, Report Warns

The scale of AI-powered attacks has surged dramatically. Industry data shows that around 40% of all cyberattacks are now AI-driven, with deepfake use in impersonation fraud rising by 50-60%. These automated, personalised scams exploit the very human vulnerabilities that traditional technical controls struggle to address.

As UK cybersecurity experts have warned, AI advancements are creating unprecedented threats to global cybersecurity systems that require urgent attention.

Shadow AI Compounds the Problem

The unauthorised use of AI tools – dubbed ‘shadow AI’ – creates additional security risks that most organisations struggle to manage. The Social Links survey found that whilst over 82% of companies allow employees to use AI tools at work, only 36.7% have formal policies controlling their use.

This policy gap has proven costly. Corporate data input into AI tools surged by 485% between March 2023 and March 2024, with sensitive data rising from 10.7% to 27.4%. Around 38% of employees share confidential data with AI platforms without approval, risking compliance with regulations like GDPR and potentially triggering fines up to 4% of global revenue.

High-profile breaches illustrate the danger. Samsung employees inadvertently leaked proprietary code and trade secrets by submitting confidential information to ChatGPT. Such incidents demonstrate how shadow AI can cause substantial reputational harm and competitive disadvantage.

Training Over Bans

Rather than attempting to restrict AI tool usage entirely, security experts advocate for comprehensive employee education. The Social Links research shows that 72.2% of survey respondents view employee training on safe AI use as the most effective way to reduce shadow AI risks, followed by internal policy development at 46.8%.

‘What actually helps is teaching people how to spot the risks and giving them the right tools to stay safe, instead of just saying don’t do it,’ Shkvarun notes. This approach recognises that employees will continue using AI tools regardless of restrictions.

Best practices for AI-era cybersecurity training include regular, role-specific instruction on AI-powered phishing and social engineering, interactive training tools that simulate real attack scenarios, and fostering a security-conscious culture where employees feel comfortable reporting suspicious activity.

Companies must also address the broader issue of AI-generated misinformation that makes it increasingly difficult for employees to distinguish between genuine and fraudulent communications.

Bridging the Gap

The challenge isn’t just technical – it’s organisational. As Shkvarun emphasises: ‘Traditional threats like phishing and malware still dominate the charts. But what we’re seeing now is that AI isn’t replacing these risks, it’s supercharging them, turning generic scams into tailored operations – fast, cheap and more convincing.’

Companies must bridge the awareness gap between technical and business teams before attackers exploit it further. This requires moving beyond policy documents to focus on practical, everyday security habits that all employees can implement.

The window for action is narrowing. With unauthorised technology use accounting for about 11% of cyber incidents globally and AI attack sophistication increasing rapidly, organisations cannot afford to leave any department behind in their cybersecurity efforts.

Building consumer trust in AI-powered systems requires transparency about both the benefits and risks of these technologies, something that extends to internal corporate communications about AI threats.