The truth about GenAI security: your business can’t afford to “wait and see”
One in four UK businesses lack a documented strategy to address generative AI (GenAI) threats, according to research from Ivanti. Let that sink in for a moment. Would we accept the same casual approach to, say, workplace health and safety? Likely not. Yet here we are, watching a technological revolution unfold while many organizations take a dangerously passive stance toward securing it.
The speed of GenAI’s evolution has caught many security teams flat-footed. While 47% of security professionals in the UK view GenAI as a net positive for cybersecurity — and they’re right to see its potential — this optimism sometimes masks a troubling lack of preparation.
Consider this eyebrow-raising reality check: Nearly half of UK IT and security professionals (49%) believe phishing will become a greater threat due to GenAI. And I’d argue they’re right to be concerned. The problem is that their concern isn’t translating into action. A quarter of organizations haven’t documented any strategy to address these risks. We’re seeing unprecedented technological advancement coupled with unprecedented organizational inertia. It’s not great.
SVP EMEA for Ivanti.
The data silo trap
The challenge goes deeper than just keeping pace with GenAI’s evolution. A remarkable 72% of organizations report that their IT and security data are siloed across systems. These fragments of critical security information might as well be locked in separate vaults. And 63% say these silos actively slow their security response times.
Think about that. In an era where AI-powered threats can evolve and spread at machine speed, many security teams are still piecing together threat data from disparate systems like a jigsaw puzzle. That’s not just inefficient — it’s downright dangerous.
The training paradox
Most security teams recognize that human error is still a prime vulnerability. That’s why 57% have turned to anti-phishing training as their first line of defense against sophisticated social-engineering attacks. It’s currently the most popular protective measure against AI-driven threats.
I’m the first to assert that anti-phishing training is critical, particularly given how often well-meaning employees unintentionally create pathways for exploitation by falling for increasingly sophisticated phishing schemes.
But strong employee training is far from sufficient. It means using yesterday’s tools to fight today’s threats. Emphasizing best practices to combat AI threats is sort of like using a personal floatation device to keep safe while lounging in shark-infested waters. Should you wear the personal flotation device? Certainly. But it won’t save you from the real threat.
The good news is that cybersecurity professionals are aware of the gaps left by traditional anti-phishing defenses. Only 32% believe this training is “very effective” against AI-powered social engineering attacks. However, and I risk sounding like a broken record here, the concern and awareness aren’t translating into action.
Beyond traditional defenses
As GenAI capabilities expand, they create new attack surfaces faster than traditional security measures can adapt. As I’ve argued, the old playbook of reactive security measures and siloed defenses simply won’t cut it anymore. What will cut it? In short, a holistic approach to exposure management that addresses both immediate threats and systemic vulnerabilities.
What does this mean in practice? Security teams need to rethink their approach altogether, and that means addressing key elements such as the following:
Continuous monitoring and assessment
Traditional periodic security assessments can’t keep pace with AI-driven threats. Organizations need real-time visibility across their entire attack surface, from traditional assets to new AI tools. This means moving beyond scheduled vulnerability scans to implement continuous monitoring that can detect and respond to threats as they emerge.
Breaking down data silos
Those fragmented security and IT data stores? They’re not just an inconvenience—they’re a liability. With 63% of organizations reporting slower security responses due to siloed data, the need for unified visibility isn’t just a nice-to-have—it’s a critical security requirement when facing sophisticated AI-powered threats that can exploit gaps between systems.
Evolving beyond basic training
Remember — security awareness training is important, but it can’t be your only defense. We need to augment human awareness with sophisticated detection and response capabilities. Fight fire with fire.
Data-driven security responses
When facing AI-powered threats, gut instinct and experience aren’t enough. Security teams need comprehensive data visibility to spot patterns and anomalies that signal emerging threats. This means breaking down those data silos that 72% of organizations currently struggle with and implementing systems that can provide unified threat visibility.
What are you waiting for?
GenAI isn’t just another technology trend to monitor — it’s actively reshaping the threat landscape. While 47% of security professionals view GenAI positively, this optimism must be matched with concrete action.
Organizations can’t afford to take a wait-and-see approach to GenAI security. The technology’s rapid evolution, combined with existing challenges like data silos and training limitations, necessitates an intentional, comprehensive, layered and proactive stance.
Those who delay implementing comprehensive security strategies are already falling behind, and since GenAI continues to shapeshift and grow in sophistication by the day, falling even a little bit behind makes it prohibitively difficult to catch up.
The time for documented strategies, unified security visibility and enhanced threat detection isn’t coming — it’s here. It’s time to stop wondering whether your organization will need to adapt to AI-driven security challenges, and start focusing on how quickly and effectively you can do it.
A final plea: don’t wait until after you face a serious breach. In this case, “wait and see” translates to “wait and pay the price.”
We’ve compiled a list of the best firewall software.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
One in four UK businesses lack a documented strategy to address generative AI (GenAI) threats, according to research from Ivanti. Let that sink in for a moment. Would we accept the same casual approach to, say, workplace health and safety? Likely not. Yet here we are, watching a technological revolution…
