A recent study, How Polish Companies Are Embracing AI, highlights a growing emphasis on managing cybersecurity risks associated with both internal and publicly available AI systems.
The research found that in 2024, half of the surveyed companies had policies in place to govern AI usage—an increase from 40 percent the previous year.
“Organizations have no choice but to ramp up their focus on cybersecurity when dealing with AI,” said Piotr Ciepiela, a cybersecurity expert at EY.
He noted that cybercriminals are already leveraging AI to enhance their attack methods, while companies integrating AI must secure vast amounts of sensitive data.
“Polish firms are increasingly aware of these challenges, but limited budgets often lead to compromises that hackers can exploit,” Ciepiela added.
Growing awareness of AI security risks
The report revealed that in 2024, 94 percent of firms considered cybersecurity when implementing AI tools, up by 2 percentage points from the previous year.
Moreover, 75 percent had introduced specific rules and procedures for AI usage, marking a 9 percentage point increase from 2023.
Additionally, 36 percent of companies actively identified and mitigated AI-specific threats during implementation, up from 31 percent the previous year. Meanwhile, reliance on general market threats as a basis for AI security measures declined from 27 percent to 21 percent.
Only a small proportion of businesses (11 percent) managed AI risks in the same way as other IT systems, while the percentage of firms ignoring AI-related risks fell from 3 percent to 2 percent.
Cybersecurity investments on the rise, but training lags
Polish businesses are increasingly prioritizing AI-related cybersecurity investments, with 34 percent of firms allocating funds to this area. Other key investment areas include AI system integration (45 percent), purchasing ready-made AI solutions (44 percent), and in-house AI development (34 percent).
However, the study raised concerns over a lack of investment in employee training. Only 13 percent of firms provided AI-related security training, despite the growing sophistication of AI-driven cyber threats.
AI is enabling hackers to craft highly targeted phishing attacks, as well as convincingly imitate voices and images, the report warned.
“Companies with low employee awareness of these risks are more vulnerable to cyberattacks,” the study stated.
Call for greater employee awareness
Patryk Gęborys, a partner at EY Poland’s information security and technology team, emphasized the urgent need for education and training.
“Companies tend to focus on technology, but organization-wide awareness and training must follow,” he said. “Even the most advanced security measures are ineffective if employees do not know how to safeguard themselves and their company from new AI-driven threats.”
The study, commissioned by EY Poland and conducted by Cube Research in late 2024, surveyed 501 large and medium-sized businesses across Poland’s manufacturing, services, and trade sectors. Photo by mikemacmarketing, Wikimedia commons.