Cyber-criminals are likely to weaponise Artificial Intelligence (AI) to commit bigger, more sophisticated and more dangerous crimes, it’s claimed.
Most, 78 per cent of chief internal auditors believe AI will negatively impact cybersecurity and data security, while 58pc say it will exacerbate fraud, according to a survey of 985 such auditors across Europe. Chief Internal Auditors reported that the top five risks most negatively impacted by AI for business leaders to consider are:
1. Cybersecurity and data security (78pc);
2. Fraud, bribery and the criminal exploitation of disruption (58pc);
3. Digital disruption, new technology and AI (55pc);
4. Human capital, diversity, talent management and retention (48pc); and
5. Communications, reputation and stakeholder relationships (41%)
The Chartered Institute of Internal Auditors (CIIA) says that the results indicate that the boards and senior management should harness their internal auditors and seek independent internal assurance that the controls used to mitigate and manage AI-related risks are working. Where controls are found deficient or ineffective, internal audit can make recommendations for management to take corrective action to address control weaknesses, the CIIA adds.
It advises that in preventing AI-powered attacks businesses will increasingly need to deploy the same AI tools as part of their cyber defences, with the best defence against AI-powered cyber-crime often being AI-powered cybersecurity. For example, some AI cybersecurity tools can detect ransomware in seconds.
Anne Kiem, Chief Executive of the Chartered Institute, said: “AI is evolving rapidly, and as with all new technologies it can be used for positive and negative reasons. Our research has shown that Chief Internal Auditors are alert to the threats, and this should bring some comfort to those organisations that have a strong focus on risk control, risk mitigation, and having a well-resourced internal audit function. Internal auditors remain a force for good.”
The survey, commissioned as part of Risk in Focus 2025, was carried out over March and April and included views from chief internal auditors in Albania, Armenia, Austria, Belgium, Bulgaria, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, Switzerland and the UK.
The CIIA will publish the full Risk in Focus 2025 report and survey findings in September. See also Risk in Focus, an annual thought leadership research project, at https://www.iia.org.uk/policy-and-research/research-reports/risk-in-focus/.
