16.12 2022

KPMG: Artificial intelligence and machine learning are a hard nut to crack for corporate cyber security

Artificial intelligence (AI) and machine learning (ML) offer many benefits for businesses, but wider use of the new technology could, in a worst-case scenario, bring new cyber security risks, according to KPMG’s global survey Cyber Trust Insights 2022.

Artificial intelligence (AI) and machine learning (ML) offer many benefits for businesses, but wider use of the new technology could, in a worst-case scenario, bring new cyber security risks, according to KPMG’s global survey Cyber Trust Insights 2022.

A global survey conducted by KPMG among executives shows that companies see the benefits of AI and ML in increasing business efficiency and productivity. AI and ML can also be used to better predict customer and market behaviour, KPMG reported.

However, more than three-quarters of KPMG survey respondents, 78 percent to be precise, agree that AI and ML raise cyber security challenges. Almost as many (76 percent) believe, there are fundamental ethical questions to resolve as they adopt these technologies and say organisations will need to communicate more openly about how they are managing those issues.

“The risk is that AI and ML will increase cyber security and privacy risks if used inappropriately, which could damage companies’ reputation and lead to regulatory sanctions. The solution is cyber security and data protection teams working together to avoid these risks,” Mihkel Kukk, Head of Cyber Security Services at KPMG, said.

In addition, the survey showed that over 80 percent of executives recognised the importance of improving cyber security and data protection as the executives consider them one of the biggest risks companies face. Almost two-thirds of the respondents see information security as a risk-reduction activity rather than a business enabler. Moreover, more than half of the respondents say that senior leaders do not understand how better information security can help to enhance trust in the company and provide a competitive advantage.

The Chief Information Security Officer must be part of the management team

According to the survey, one-third of executives find that a company’s Chief Information Security Officer (CISO) is not viewed as a key executive and has less influence than they need to protect the organisation and its data. Half of the executives doubt that the relationship between the board and the CISO is characterised by ‘high trust’. “In a situation where cyber-attacks have become commonplace, a stronger position of the CISO in the company is essential, and they should be part of the management team. The CISO should not be just a technical expert, as the board and the extended management team are not equally competent in technical details. The CISO can perform their role effectively if they are allocated the necessary budget and are trusted by management. It is unlikely that they are able to perform this role well by trying to resolve technical issues only. As executives see cyber security as one of the biggest risks that companies face, we can expect to see a change in their attitudes,” Kukk stressed.

In the KPMG Cyber Trust Insights 2022, 1,881 executives were surveyed, and a series of discussions was conducted with corporate leaders and professionals from across the world to explore the extent to which the C-suite recognises the importance of cyber security, how they are meeting the challenge, and what they need to do next. The survey results are available in PDF format here.


KPMG is a global network of firms providing audit, tax, legal and advisory services. KPMG member firms operate in 144 countries and territories and collectively employ more than 236,000 partners and people. In Estonia, KPMG has been operating since 1992 and currently employs more than 250 staff. Nearly 2,000 professionals work for KPMG Estonia’s partner firm KPMG Finland and almost 6,000 in KPMG member firms in other Nordic countries.

Mihkel Kukk
Küberturvalisuse teenuste juht
KPMG Baltics OÜ

Bolstering Cyber Resilience with High-Quality Red Teaming

The escalating complexity and frequency of cyberattacks pose a critical risk to the stability of ..

KPMG recognized as a Leader in Cybersecurity Consulting Services in Europe

According to The Forrester Wave: Cybersecurity Consulting Services in Europe, Q1 2024.

We are exc..

KPMG: artificial intelligence cannot replace a doctor

Mihkel Kukk, Head of Cyber Security Services at KPMG, says that artificial intelligence cannot rep..

State funding to improve the cyber security of companies

The joint organisation of Enterprise Estonia and KredEx, together with the State Information Syste..

The most cost-effective way to identify information security and cyber security vulnerabilities is through cyber maturity assessment

The most cost-effective way for companies and other organisations to identify their cyber security..

Information security can only be ensured at a high level of quality under the leadership of a competent Chief Information Security Officer

Why is information security important and what is its main purpose in the context of a company’s b..

Provide a safe and sustainable business environment for your company! We will help you build a resilient and reliable digital world, even in the face of changing threats.

KPMG Baltics OÜ

+372 626 8700
Ahtri 4, 10151 Tallinn, Estonia
KPMG Baltics KPMG Küberkaitse KPMG Global Privacy Policy
Oma veebilehel kasutame küpsiseid. Küpsised aitavad analüüsida veebiliiklust ning annavad meile statistilist teavet.
Email again:

HR assessment 

HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.

Email again:

Threat assessment

Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.

Email again:

Maturity assessment

Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.

Email again: