Kroll has released global cyber resilience research which reveals that rapid artificial intelligence adoption is dramatically outpacing governance, security controls and incident preparedness.
Kroll Jersey Managing Director Ed Shorrock believes the findings should resonate with Channel Islands businesses, particularly in the financial services sector where AI adoption is most prevalent.
The research shows that AI, and in particular agentic AI, has changed the threat model permanently. The research results indicate that while AI is becoming embedded across enterprise operations, 76% of businesses have experienced a security incident involving AI applications or models in the past two years.
The research reveals organisations lack the foundational security practices and governance frameworks necessary to deploy AI safely and effectively, costing almost one-third of organisations (27%) over one million dollars related to AI-related security incidents.
It shows that while there is appetite to incorporate the promise of AI into security infrastructure, 90% of respondents surveyed identified barriers preventing greater investment in AI security. Lack of clear ROI, insufficient executive understanding of AI risks and the belief that current measures are sufficient account for 40% of those barriers.
The research shows that most organisations are inadequately prepared for AI threats, despite the rapid increase in attacks:
- Organisations spend an average of 13% of their AI initiative budget on using AI to test security controls or to test the models themselves, leaving critical gaps in AI security posture and illuminating a disconnect between AI adoption and AI security investment.
- Companies with highly mature security practices are six times more likely to spend over 20% of their AI budget on testing security controls.
The research also showed that as organisational cyber maturity increases, the likelihood of experiencing an AI-related security incident drops significantly:
- 89% of organisations with very low cyber maturity experience AI-related security incidents.
- In contrast, 54% of organisations with very high cyber maturity experience AI-related security incidents.
- Even further, 46% of organizations with very high cyber maturity reported zero AI-related cyber incidents in the past two years, demonstrating that robust security foundations directly translate to AI security resilience.
Ed Shorrock (pictured), Co-Managing Director in Kroll’s Jersey office, said: “Organisations in the Channel Islands are under pressure to embrace AI in order to respond faster and with greater precision to increasingly complex threats. We’re seeing businesses, in particular in the islands’ financial services sector, enthusiastically integrate AI into their operations – but not getting the fundamentals right first can create a dangerous security debt.
“AI isn’t inherently risky; it’s that without the right foundational security in place AI amplifies existing security weaknesses. Secure architecture, identity management, incident response, security culture – these aren’t limitations on innovation, but what make innovation sustainable.”
