Firms’ fears mount as cyber fiends explore generative AI

The annual cost of responding to cybercrime for businesses can be as much as US$5 million, according to a new report from Barracuda Networks.

This was found through research undertaken for Barracuda by Ponemon Institute, which surveyed 1,917 IT security practitioners in the United States (522), the United Kingdom (372), France (329), Germany (425), and Australia (269) in September 2023. 

According to the study, enterprises with 100 to 5,000 employees can face an average annual cost of $5.34 million to recover from cyber compromises like a successful ransomware or phishing attack. 

This expense includes addressing damage to IT assets, incidents of theft, and operational disruptions arising from attacks.

The report also delves into the security challenges faced by organisations and raises the alarm over hackers exploring the use of generative AI technology for increasing the volume, sophistication, and effectiveness of their attacks. 

According to the report, half of the security professionals interviewed believe AI will enable hackers to launch more attacks, and only 39% believe their security infrastructure is adequately equipped to protect against generative AI-powered security attacks.

When it came to ransomware, the study found that a majority of respondents (71%) had experienced a ransomware attack in the last year, and 61% admitted to paying the ransom. 

According to respondents, the highest amount paid for a ransomware attack, on average, is $1.38 million.

On the other hand, the report also provides some positive takeaways, identifying “High Performers,” a subset of respondents that model behaviours and proven security measures for suscessfully mitigating risks, vulnerabilities, and attacks. 

These include tactics like adopting a platform approach to security rather than relying on a collection of disparate individual security tools or solutions; implementing privileged access rights to ensure that sensitive data remains accessible only to authorised individuals, and creating (and regularly rehearsing) a security incident response plan.

Barracuda CTO Fleming Shi said companies are not powerless, and proactive monitoring and attack detection to prevent progression to more severe stages like data exfiltration or ransomware is key.

“Cyber-resilence needs to be a priority, particularly as technology continues to advance and we start to see hackers being able to harness the power of (generative AI) to improve the efficiency and effectiveness of their attacks,” said Mark Lukie, director of solution architects at Barracuda APAC.