The study, titled How Polish Companies Are Embracing AI, revealed a growing emphasis on regulating both internal and publicly available AI systems.
In 2024, half of the surveyed firms had policies in place for managing AI usage, up from 40 percent the previous year.
“Companies have no choice but to increase their focus on cybersecurity when it comes to AI,” said Piotr Ciepiela, a cybersecurity expert at EY.
“Cybercriminals are already using AI to enhance their capabilities, while AI implementation itself requires organizations to upload significant amounts of data that must be properly secured.”
He added that while Polish firms are increasingly aware of these challenges, limited investment budgets often force compromises that hackers can exploit.
The report found that in 2024, ninety-four percent of companies analyzed cybersecurity aspects when implementing AI tools, marking a 2 percentage point increase from the previous year.
Additionally, 75 percent of firms introduced specific rules and procedures for AI use, up by 9 percentage points compared to 2023.
The study also found that 36 percent of Polish companies actively identified and countered AI-specific risks during implementation, a 5 percentage point increase from the previous year.
Meanwhile, reliance on general market threats as a basis for AI security measures declined from 27 percent to 21 percent.
A small proportion of businesses (11 percent) managed AI risks similarly to other IT systems, while the percentage of firms ignoring AI-related risks dropped slightly, from 3 percent to 2 percent.
Polish companies have been prioritizing AI-related investments in cybersecurity, with 34 percent of firms allocating funds to this area.
Other major areas of investment include AI system integration (45 percent), purchasing ready-made AI solutions (44 percent), and developing in-house AI tools (34 percent).
However, the report flagged a concerning lack of investment in training and education. Only 13 percent of firms provided AI-related security training for employees, despite the increasing sophistication of cyber threats.
The study warned that AI enables hackers to create highly targeted phishing emails, as well as convincingly imitate voices and images.
"Companies where employees have low awareness of these risks are more vulnerable to cyberattacks," the report stated.
Patryk Gęborys, a partner at EY Poland’s information security and technology team, stressed the need for more education and training.
"Companies tend to focus on technology, but awareness and organization-wide training must follow," he said. "Even the most advanced security measures will be ineffective if employees do not know how to protect themselves and their company from new AI-driven threats."
The study, commissioned by EY Poland and conducted by Cube Research in the final quarter of 2024, surveyed 501 large and medium-sized businesses across Poland's manufacturing, services and trade sectors.
(rt/gs)
Source: PAP