- Storyblok survey of 300 senior security professionals reveals 65% businesses say they need to rapidly upgrade security monitoring and threat detection due to AI concerns
- 17% say they experience a security incident at least once a week, 32% once a month, and only 10% report not having an incident in the past year
- Lack of qualified security experts is cited by 50% of companies as the biggest barrier to improving security, followed by the complexity of legacy systems (46%) and regulatory uncertainty (45%)
- 59% believe AI being exploited by malicious actors is the number one security concern, followed by protecting sensitive data used by gen AI (53%), and compliance and regulatory risks caused by AI (53%)
LONDON – The vast majority of businesses are struggling to adapt and scale their security operations in the face of talent shortages and new threats from AI according to research released by enterprise CMS Storyblok.
Storyblok surveyed 300 senior security professionals in leadership or decision making roles at medium to large scale companies. The research underlines the challenges businesses now face in continuing to grow their operations while countering new security threats.
When asked to rank how they expected AI to impact company security practices in the coming year, 65% say they needed to upgrade security and threat monitoring, 54% identity and access management would become more complex, and 50% believe stronger data protection and privacy controls are required. However, meeting these demands is unlikely to be straightforward, with 50% responding that talent and skills shortages were a major barrier to improving security, followed by the complexity of legacy tech systems (46%), regulatory uncertainty (45%) and budget limitations (42%).
Website security remains a key area of concern. Only 49% of businesses say they were ‘fully prepared’ for a security incident and 39% reported a security issue impacting their content strategy in the past year. 62% cited data encryption and privacy as an area which needs to be prioritized for future website security investment, followed by user authentication and control (56%), and AI powered security tools (51%).
The top three security threats identified by businesses were threats from hackers and malware (54%), employee human error (47%), and AI introducing new risks (45%).
In relation to AI-specific security threats, 59% rated new AI tools being used by hackers as a major challenge, followed by protecting data used or generated by AI (53%), and compliance and regulatory risks caused by AI (53%).
When asked which parts of their company’s strategy was most affected by security concerns, 60% said being able to scale security operations in line with company growth, followed by handling employee and customer data across countries (58%), and working with new vendors and partners safely (49%).
Despite these concerns, 76% of businesses rated their company’s security as above average, with only 5% admitting it was below industry standards.
Looking ahead to threats in the next three to five years, increasing use of AI was unsurprisingly number one at 55%, followed by cloud adoption and multi-cloud complexity (49%), and growing global regulatory and compliance requirements (45%).
Dominik Angerer, CEO and Co-Founder of Storyblok, said: “It will not come as a surprise to many that new threats from AI are top of mind for security professionals. However, recognising the problem and adapting to it are very different propositions. Our research shows that legacy systems, skills shortages and outdated websites are all areas of vulnerability for many businesses. This goes beyond the immediate potential damage of a hack but also hinders day-to-day business operations like content strategies, as well as long term strategic goals, such as scaling internationally.
“On one hand the vast majority of professionals say that their security operations are ‘above average’, on the other 90% say they have had at least one security incident in the past year. Complacency is a real risk factor. This is why it is critical that businesses look at upgrading their tech infrastructure as both a commercial and a security necessity.”
