New findings from the Capgemini Research Institute research show that 97% of organisations using generative AI have faced security incidents or data breaches linked to the technology this year.

As generative AI becomes more integrated into business operations, over half of these companies (52%) reported financial losses exceeding $50 million, prompting 62 per cent to request larger budgets to mitigate risks.

The surge in cyber threats, including data poisoning, deepfakes, and data leakage, is worsened by employee misuse and highlights the growing vulnerabilities introduced by generative AI.

However, while AI expands the cyberattack surface, it also offers significant benefits. 60 percent of companies surveyed consider AI crucial for faster and more accurate threat detection and response. Over half (58%) also believe AI will strengthen proactive defence strategies, allowing cybersecurity teams to focus on combating complex threats.

Despite these advancements, generative AI remains contentious. It empowers security teams with tools to detect and mitigate risks more efficiently but also introduces new challenges that require continuous monitoring, ethical guidelines, and robust employee training.

Reacting to the findings, Andy Ward, SVP international of Absolute Security, commented: “AI is transforming the cybersecurity landscape, being used for both attacks and defence as a double-edged sword.

While AI’s capabilities can detect threats faster and enable proactive defences, the fact that almost all of organisations using generative AI have reported security incidents highlight the urgent need to bolster cyber resilience.”

He added: “These AI-powered attacks typically come in the form of generative-AI generated phishing attacks or AI-driven malware, but increasingly, cybercriminals are also using AI to identify lucrative targets for ransomware attacks and to personalise the ransom demands in search of larger pay outs.

Our research found that 54% of CISOs feel unprepared to handle AI-powered threats, with AI expanding attack surface and introducing new vulnerabilities.

To mitigate these risks, organisations must implement robust network visibility to monitor devices and applications for suspicious activity, freezing, or shutting off, potentially compromised devices in order to minimise the risks of AI-driven threats.”

Earlier this year, Microsoft researchers found that UK organisations using AI tools for cybersecurity were twice as resilient to attacks as those that didn’t. The study also concluded that boosting AI adoption could save the UK economy £52 billion annually, down from the £87 billion lost to cyberattacks each year.

Marco Pereira, Global Head Cybersecurity, Cloud Infrastructure Services, Capgemini said: “The use of AI and Gen AI has so far proved to be a double-edged sword. While it introduces unprecedented risks, organisations are increasingly relying on AI for faster and more accurate detection of cyber incidents. AI and Gen AI provide security teams with powerful new tools to mitigate these incidents and transform their defence strategies.

To ensure they represent a net advantage in the face of evolving threat sophistication, organizations must maintain and prioritize continuous monitoring of the security landscape, build the necessary data management infrastructure, frameworks and ethical guidelines for AI adoption, and establish robust employee training and awareness programs.”