Over the past 12 months, 67% of U.S. businesses experienced a cyber event and only two-thirds of small to medium-sized businesses report having cyber insurance, according to QBE North America's
According to the survey, 29% of businesses experienced at least one cyber event where it was believed that AI was used as part of the attack – 51% that experienced such an attack reported phishing messages and 49% reported AI-generated malware or malicious code. Seventy percent of respondents also shared concerns potential risks arising from their vendors or suppliers using AI. Most of those surveyed are already thinking about AI: 81% of respondents currently deploy AI technology and 15% are looking into it. Of the businesses using AI, 60% are training staff on its safe use and 53% are checking the quality of the data used to train models.
Of the organizations affected by a cyber attack, 58% lost revenue and 58% experienced attacks caused by, or related to, their suppliers. Overall, 77% of businesses are concerned about the possibility of a cyber attack within the next year.
"Cyber threats are a frequent and costly reality for U.S. businesses," said Ian Walsh, vice president and U.S. cyber product leader of QBE North America, in the news release. "This research underscores the importance of stronger defenses as companies navigate an evolving risk environment that includes emerging technologies."
About 75% of organizations report that they expect their cybersecurity budget to increase this year, and 81% say they have an incident response plan ready in the case of a cyber incident.
"Developing strong incident response plans and addressing insurance gaps are critical steps for midsize businesses seeking to protect operations and build resilience in today's complex threat landscape," said Walsh.
Other
According to QBE's global business research, most organizations that use AI report some governance or oversight measures: the most common strategy to combat AI-driven cyber events is to train staff on responsible and safe use of AI (47%), followed by consistently assessing the quality of data used to train AI models (41%), conducting AI risk or impact assessments (40%) and inquiring human oversight for AI-supported decisions (40%).
