A growing sense of unease is accompanying the rise of generative AI (GenAI) in cybersecurity, according to a new survey, with 65% of respondents expressing concern over AI-related cybercrime. This apprehension is one of the key findings of the “Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2024,” released by the US-based National Cybersecurity Alliance (NCA) and CybSafe.
Based on a survey of 7,012 individuals across seven countries, the report highlights the significant gap between concern and preparedness in tackling AI-enabled cyber threats.
The report reveals that fear of AI-powered cyberattacks varies by generation. The Silent Generation, born between 1928 and 1945, are the most concerned, with 73% expressing fear over AI-related cyber risks, followed closely by Baby Boomers at 70%. Generation X is somewhat less concerned, with 61% indicating apprehension. Younger generations, while still concerned, displayed a lower level of anxiety.
Despite this growing concern, the survey highlights a troubling lack of training in AI-related cybersecurity risks. According to the study, 55% of AI tool users reported receiving no formal training on the security and privacy risks associated with these technologies. This is compounded by the fact that 56% of participants stated they do not use AI tools at all, suggesting a significant knowledge gap across the board.
“The growing concern about AI-related cybercrime reflects a heightened awareness of the digital threats we face,” said National Cybersecurity Alliance executive director Lisa Plaggemier. “However, with over half of participants (56%) not even using AI tools, and most (55%) of those using AI not being trained on the risks, it’s evident that more education and resources are needed.”
Staff playing fast and loose with AI in the workplace
Another concerning statistic reveals that 38% of AI users admitted to sharing sensitive work-related information with AI tools without their employer’s knowledge. Younger generations, particularly Gen Z (46%) and Millennials (43%) are more likely to engage in this risky behaviour compared to older generations.
“While AI presents unique and urgent challenges, the core risks remain the same,” said CybSafe CEO and founder Oz Alashe. “Many employees understand what’s required to safeguard their workplace against cyber threats, but the key to strengthening organisational resilience lies in transforming that knowledge into regular, safe behaviour.”
The report found a significant rise in the use of generative AI tools like ChatGPT, which was the most popular generative AI tool among users, with 65% of AI tool users engaging with it. Despite this popularity, the growing use of GenAI also heightens security risks, such as phishing attacks and the creation of deepfakes, making it harder for individuals to detect fraudulent content.
The report also reveals that 77% of participants believe that tech companies should bear the primary responsibility for regulating and overseeing the use of generative AI, highlighting the call for increased oversight of these rapidly evolving technologies.
Beyond AI-related concerns, the report highlights a broader increase in cybercrime incidents. In 2024, there were 3,346 reported cybercrime incidents, representing an increase of 1,299 cases from the previous year. Phishing scams remain the most common, accounting for 44% of all incidents. Additionally, 35% of survey respondents reported being victims of cybercrime, an increase of 8% from 2023.
The growing sophistication of AI-powered attacks, such as AI-generated phishing schemes and deepfake technologies, is compounding these challenges. The report also found that 91% of phishing incidents were reported by victims, highlighting increased awareness but also a persistent threat.
Despite increasing awareness of cyber threats, many participants still struggle to adopt safe behaviours. For example, only 65% of respondents consistently use unique passwords, and 46% reported they have never used a password manager. Additionally, while 81% of participants are aware of multi-factor authentication (MFA), only 66% use it regularly.