The Growing Threat of AI-Driven Cyberattacks: What Businesses Need to Know

As artificial intelligence (AI) continues to evolve, businesses around the globe are encountering escalating risks from increasingly sophisticated cyberattacks. According to a warning from cybersecurity insurer Hiscox, the potential for harm is significant. This sentiment is echoed by cybersecurity expert Durgan Cooper, who has advised the House of Lords on such matters. Cooper asserts that AI is effectively “lowering the barrier to entry for more complex attacks.” This concern is substantiated by the findings of Hiscox’s 2024 Cyber Readiness Report, which indicates that over two-thirds (67%) of businesses worldwide reported a surge in cyberattacks last year.

Worsening Implications for Businesses

Comparing the latest data from 2024 to that of 2023, the Hiscox report highlights alarming trends:

This data reveals that both customer retention and attraction challenges have more than doubled since 2023. Additionally, over a third of organizations experienced negative publicity, leading to damage to their reputation—an increase from 25% the previous year.

Strengthening Defenses for SMEs

To help small and medium-sized enterprises (SMEs) bolster their cybersecurity defenses, Alana Muir, Head of Cyber at Hiscox, along with Durgan Cooper, Chairman of tech solutions provider CETSTAT, offers five essential tips for protecting networks.

The Accessibility of AI-Enhanced Cyberattacks

Durgan highlights the increased threat posed by AI, noting, “AI is lowering the barrier to entry for more complex attacks. With AI-generated content and adaptive malware now more accessible, targeted attacks and social engineering are on the rise.” He explains that attackers utilize AI to swiftly learn network behaviors, significantly reducing the time between an initial breach and a subsequent attack, which averages over 180 days. Furthermore, “AI excels at exploiting vulnerable databases and human errors, with phishing emails increasingly targeting unsuspecting employees.”

The Importance of Employee Training in the Era of AI-Enhanced Cyberattacks

Hiscox’s Cyber Readiness Report reveals an urgent need for improved cybersecurity measures, as over a third of companies (34%) report that expertise in managing emerging technology risks is lacking. Phishing remains the predominant cause of cyberattacks, accounting for about 90% of incidents. Durgan emphasizes the necessity for AI-focused employee training to mitigate this threat:

“The sophistication of modern AI enhances the credibility of phishing and ransomware campaigns. Businesses must elevate their employee training to include insights on recognizing AI-driven social engineering.”

Muir adds, “Small businesses often underestimate their vulnerability to cyberattacks, mistakenly believing they are less likely to be targeted than larger organizations. However, all businesses are at risk. Empowering employees to recognize signs of an attack is a critical defense for maintaining secure operations.”

Five Practical Steps for SMEs to Enhance Cyber Security Awareness in 2025

As revealed in Hiscox’s Cyber Readiness Report, nearly two-thirds (64%) of business leaders anticipate that generative AI will play a crucial role in shaping their cybersecurity strategies by 2030. For SMEs eager to take immediate action, Durgan and Alana outline five key steps for safeguarding their businesses:

1.Implement Cyber Essentials Certification

The Cyber Essentials scheme, backed by the government, sets basic security standards to protect against common cyber threats. Durgan advises, “Every business should pursue Cyber Essentials as a foundational step toward robust cybersecurity.”

2. Monitor Networks for Unusual Activities

Durgan emphasizes the need for ongoing network monitoring to detect abnormal behavior, recommending investment in Security Operations Centre (SOC) services for rapid anomaly investigation and response. These SOCs can monitor network traffic and automatically flag suspicious activities, making them increasingly accessible to small businesses.

3. Regularly Apply Patches and Updates

One of the simplest yet most effective ways to thwart cyberattacks is by patching vulnerabilities and keeping systems updated. Regular updates ensure software remains resilient to emerging threats.

4. Safeguard Your Business with Cyber Insurance

In addition to preventative measures, SMEs should consider cyber insurance to mitigate the financial repercussions of a breach. Alana highlights the importance of such coverage:

“Every business faces the risk of cyberattacks, particularly as threats evolve with advancements in AI. Cyber insurance not only offers financial protection but also provides essential resources for rapid recovery post-breach.”

5. Enhance Employee Training Continuously

With AI-powered phishing scams growing increasingly sophisticated, it’s vital for businesses to ensure employees can identify potential threats. Ongoing training is crucial to remain ahead of evolving attack methods.