AI Threats Top Concerns for 72% of South African Organizations

Mimecast has published its 9th annual State of Human Risk report, based on a comprehensive global survey that included 1,100 IT security leaders and decision-makers, with input from South African organizations.

This report highlights significant aspects of the human risk landscape and offers practical recommendations for organizations aiming to strengthen their cybersecurity systems while managing their budgets effectively.

The Complex Cyber Threat Environment

According to the report, 62% of leaders believe that having a formal cybersecurity strategy has noticeably reduced their organizations' risks. However, they are still facing a complex and rapidly changing threat environment. The findings of the State of Human Risk 2025 report shed light on various issues:

AI: A Mixed Blessing

Artificial Intelligence (AI) is viewed as a threat as well as an opportunity:
– Only 50% of organizations are currently using AI to defend against cyberattacks and insider threats.
– Nonetheless, 83% of those surveyed have concerns about accidental data breaches through Generative AI tools.
– Over half (55%) of the respondents have developed strategies to address threats driven by AI.

A head of IT at a retail company pointed out, "You can’t simply plug the leaks; you have to embrace AI." Similarly, an IT director at a utility company highlighted the importance of adaptation: "I believe AI will advance swiftly, and we need to keep pace with it as well."

The Serious Impact of Insider Threats

Managing insider threats, whether deliberate or unintentional, has emerged as a critical challenge:
– South African respondents reported an average of 25 incidents per month related to insider actions that resulted in data exposure, loss, or theft.
– Each incident can be surprisingly costly, averaging around $14.2 million.

Challenges with Cybersecurity Budgets

Although 86% of organizations have raised their cybersecurity budgets in the past year, the allocated funds still fall short of meeting increasing demands:
Organizations report needing more budget for staff, third-party services (67%), email security (52%), and securing collaboration tools (47%).

The 2024 Verizon Data Breach Investigations Report reveals that 68% of breaches are caused by non-malicious human error, indicating a shift towards a more human-centric strategy in managing cyber risks.

Training and Human Error

While regular training for employees is common—86% of organizations conduct training monthly (38%), quarterly (29%), or continuously (19%)—significant issues remain:
– 43% of respondents feel that employees lack adequate security awareness;
– 28% point to employee fatigue as a critical factor causing security oversights.

A CIO from an insurance firm noted, "Accidental breaches occur when employees unintentionally compromise systems, such as through misaddressed emails or failure to follow protocols. These mistakes, although unintentional, can have severe consequences."

Collaboration Tools: A Rising Risk Area

Collaboration tools are increasingly recognized as a risk:
– 57% of respondents believe that their organization will likely face negative consequences from attacks that involve collaboration tools by 2025.

Preparing for the Future of Cybersecurity

"AI is transforming cybersecurity more quickly than ever before, acting as both a robust defense tool and a growing threat. While half of the organizations have adopted AI for detecting threats and real-time monitoring, cybercriminals are also using it to facilitate more sophisticated attacks," explained Brian Pinnock, Vice President of Sales Engineering at Mimecast.

"Security leaders are confronting escalating challenges, from insider threats and expansive attack surfaces related to collaboration tools to AI-powered cyberattacks. Proactive measures are vital, yet equally important is effectively managing human risk, implementing tailored employee training, and reinforcing defenses against business email compromise (BEC) threats. At Mimecast, we offer an AI-driven, API-enabled human risk management platform specifically designed to shield organizations from current and future threats.

As AI continues to evolve in the realm of cybersecurity, organizations must find a balance between utilizing AI for protection and remaining vigilant to its associated risks."

AI, security, cybersecurity