
AI Can be Both a Friend and a Foe to Your Organization’s Security
By Dave Warner, Systems Engineer at Cenetric
IBM released its latest Cost of a Data Breach report — and it’s a doozy when it comes to AI.
The annual report, which tracks the average cost of a breach to companies that have suffered one, shines a light on how AI can be both helpful and harmful. (Note: All the data we’re sharing below can be found in the report.)
On a positive note, AI and automation in security solutions helped bring down the average cost of a breach globally by 9% — the first decrease in five years. The United States, however, saw average costs rise by 9% over last year, attributed to higher regulatory fines as well as increased detection and escalation costs.
Globally, the cost came down because companies are increasingly using AI solutions to identify and contain breaches faster. IBM reported that security teams using AI and automation extensively saw breaches that were 80 days shorter and cost $1.9 million less when compared to organizations that didn’t use these solutions.
AI can be a powerful tool to identify and stop data incidents and breaches. Many organizations that saw a breach said they plan to invest in AI tools to help prevent or mitigate another one — 45% of those affected said they would choose AI-driven solutions.
Shadow AI is a growing concern
On the flip side, AI is causing some big problems for companies’ IT security, according to the report:
- 16% of data breaches involved attackers using AI, most often for AI-generated phishing (37%) and deepfake impersonation (35%).
- 97% of organizations that had an AI-related security incident also lacked proper AI access controls (essentially, knowing who’s using AI tools in your org and for what purpose).
- 63% of organizations affected said they didn’t have AI security and governance policies, and 61% said they didn’t have technology to manage AI governance in place either.
- 20% of those who experienced a breach said security incidents involving shadow AI were to blame.
Shadow AI (the unauthorized or unknown use of AI in an organization) is a tricky issue for organizations of all types. In the quest for more efficiency or to fulfill the demands of their roles, your employees might adopt generative AI tools like ChatGPT, Claude or Perplexity on their own.
But like other forms of shadow IT, unauthorized AI adoption by your team can have major consequences for your organization. For organizations in the study with high levels of shadow AI, it added $670K to the cost of a data breach, and those breaches most often involved the loss of customers’ personally identifiable information (PII), employees’ PII and intellectual property.
Losing control over PII is costly in terms of regulatory fines and potential lawsuits, but it can also harm customers’ views of your org in the long term. Nearly a quarter (23%) of shadow IT incidents caused the organization involved reputational damage.
The study also revealed that 11% of breached organizations couldn’t say for sure if they experienced a shadow AI incident, demonstrating the serious gaps in AI policies and the technology to detect shadow AI. Interestingly, even sanctioned AI accounted for 13% of security incidents in the study, meaning there are plenty of security holes to plug in any case.
AI isn’t the only thing to blame for breaches
AI is a method of protecting (or attacking) your systems, but there are many other ways you could be letting your guard down.
Storing data across multiple cloud environments is an ongoing issue and was the top data storage method of companies that saw a breach. This shows us that data is more vulnerable when your organization doesn’t have strong data governance policies to guide employees on what data should be saved where.
The study also showed that breaches involving on-premises data increased over 2024 numbers, perhaps making it time to look at migrating your organization’s data to the cloud. Private cloud was the data storage method least commonly involved in a breach.
Cenetric can help you use AI the right way
The information about AI seems to change by the hour these days, and we know it can be overwhelming. Our experts are ready to help you use AI effectively and safely by establishing the proper use cases and finding the right solutions to implement.
We can also help you develop appropriate AI use policies to protect against shadow AI and find the right security tools to protect your organization from AI-driven attacks. It’s a wild new tech world out there, and we can help you navigate it.