AI Policies Poorly Understood by Employees, Raising UK Risks

A recent study conducted by e2e-assure has raised serious concerns about employee understanding and adherence to artificial intelligence (AI) policies within UK companies. This research sheds light on the critical gap that exists between cyber risk owners and employees’ knowledge of AI policies, posing significant risks to the cyber resilience of UK businesses.

The survey assessed the opinions of 500 cyber risk owners alongside 1,000 employees in the UK, revealing a stark contrast in confidence levels. While 85% of cyber risk owners expressed confidence in their AI policy implementations, only 34% of employees claimed awareness of these policies. This discrepancy suggests that a lack of communication and training regarding AI protocols is endemic within many organizations.

Rob Demain, Chief Executive Officer at e2e-assure, emphasized the urgency of addressing this disconnect, stating, “What’s clear is that the fragmentation of technology, including this year’s stratospheric rise of AI, hasn’t helped in building cyber resilience.” The rapid adoption of AI technologies without accompanying employee education can lead to increased vulnerabilities.

Employee behavior further exacerbates the situation. The research indicates that 62% of employees have used AI tools such as ChatGPT or Copilot without authorization. Alarmingly, 41% of employees reported using these tools at least once per week, which runs counter to established company policies and heightens the risk of cyber attacks. From the cyber risk owners’ perspective, this unauthorized usage contributes to an environment of concern and mistrust.

Moreover, the study highlighted that 43% of employees had been victims of a cyber attack during their tenure, with approximately half of these incidents occurring within the past year. Citing findings from analytics firm Gartner, the research reveals a troubling trend where 69% of employees admitted to bypassing cybersecurity advice, and 74% were willing to do so if it facilitated achieving business objectives. These figures underline a prevailing disregard for cybersecurity protocols that many companies have established, highlighting a serious gap in compliance.

Interestingly, while there have been improvements in overall cyber resilience—with the confidence of organizations increasing by 7% compared to the previous year—there remains a pressing need for comprehensive training. Only 24% of employees reported feeling ‘very engaged’ in their training processes. This lack of engagement suggests that many employees may not fully grasp the implications of their actions or the importance of adhering to cybersecurity guidelines.

In response to the evident gaps in awareness and training, e2e-assure’s report outlines three strategic recommendations for cyber risk owners: prioritize employee involvement in security measures, streamline security protocols for users, and ensure reputable providers are selected to manage these efforts. These actions not only aim to fortify cyber defenses but also foster a culture of responsibility among employees.

Demain points out that ongoing education and training will be vital in bridging the knowledge gap. “The need for ongoing education and training in this field will be pivotal in the months and years ahead. AI could be about to unravel everything that’s been so hard fought for,” he stated, underlining the critical nature of a proactive approach in cybersecurity.

The implications of these findings extend beyond immediate security concerns. The integration of AI technologies continues to expand, making it imperative for organizations to align cybersecurity strategies with technological advancements. As more companies integrate AI into their operations, they must consider employee training not just as a checkbox but as an essential component of their democratic approach to cyber resilience.

Ultimately, the responsibility for safeguarding against cyber threats lies with both cyber risk owners and their employees. The findings from e2e-assure serve as a wake-up call for organizations throughout the UK to prioritize the knowledge and engagement of their workforce in AI policy awareness. Establishing a robust culture of cybersecurity can no longer be seen as a mere formality; it is now a critical component of business resilience.

Only through collective efforts, continuous education, and improved communication can businesses hope to mitigate the risks associated with AI technology and ensure they remain on the cutting edge of cyber resilience.