KPMG: Artificial intelligence and machine learning are a hard nut to crack for corporate cyber security

Artificial intelligence (AI) and machine learning (ML) offer many benefits for businesses, but wider use of the new technology could, in a worst-case scenario, bring new cyber security risks, according to KPMG’s global survey Cyber Trust Insights 2022.

A global survey conducted by KPMG among executives shows that companies see the benefits of AI and ML in increasing business efficiency and productivity. AI and ML can also be used to better predict customer and market behaviour, KPMG reported.

However, more than three-quarters of KPMG survey respondents, 78 percent to be precise, agree that AI and ML raise cyber security challenges. Almost as many (76 percent) believe, there are fundamental ethical questions to resolve as they adopt these technologies and say organisations will need to communicate more openly about how they are managing those issues.

“The risk is that AI and ML will increase cyber security and privacy risks if used inappropriately, which could damage companies’ reputation and lead to regulatory sanctions. The solution is cyber security and data protection teams working together to avoid these risks,” Mihkel Kukk, Head of Cyber Security Services at KPMG, said.

In addition, the survey showed that over 80 percent of executives recognised the importance of improving cyber security and data protection as the executives consider them one of the biggest risks companies face. Almost two-thirds of the respondents see information security as a risk-reduction activity rather than a business enabler. Moreover, more than half of the respondents say that senior leaders do not understand how better information security can help to enhance trust in the company and provide a competitive advantage.

The Chief Information Security Officer must be part of the management team

According to the survey, one-third of executives find that a company’s Chief Information Security Officer (CISO) is not viewed as a key executive and has less influence than they need to protect the organisation and its data. Half of the executives doubt that the relationship between the board and the CISO is characterised by ‘high trust’. “In a situation where cyber-attacks have become commonplace, a stronger position of the CISO in the company is essential, and they should be part of the management team. The CISO should not be just a technical expert, as the board and the extended management team are not equally competent in technical details. The CISO can perform their role effectively if they are allocated the necessary budget and are trusted by management. It is unlikely that they are able to perform this role well by trying to resolve technical issues only. As executives see cyber security as one of the biggest risks that companies face, we can expect to see a change in their attitudes,” Kukk stressed.

In the KPMG Cyber Trust Insights 2022, 1,881 executives were surveyed, and a series of discussions was conducted with corporate leaders and professionals from across the world to explore the extent to which the C-suite recognises the importance of cyber security, how they are meeting the challenge, and what they need to do next. The survey results are available in PDF format here.

KPMG is a global network of firms providing audit, tax, legal and advisory services. KPMG member firms operate in 144 countries and territories and collectively employ more than 236,000 partners and people. In Estonia, KPMG has been operating since 1992 and currently employs more than 250 staff. Nearly 2,000 professionals work for KPMG Estonia’s partner firm KPMG Finland and almost 6,000 in KPMG member firms in other Nordic countries.

Mihkel Kukk
Küberturvalisuse teenuste juht
KPMG Baltics OÜ