iscoverSmall businesses take over a week to recover from cyber attacks, and AI tools are ramping up firms’ exposure to threats, a white paper has revealed.
AI uptake ramping up cyber threats for businesses, BDO says
16 October 2025
•
7 minute read
A new International Data Corporation (IDC) white paper commissioned by BDO revealed that the average organisation takes over a week to recover from cyber incidents, costing organisations time, money and customer trust.
BDO cyber security leader Leon Fouche said that while organisations poured resources into AI, many still “bolted on” cyber security solutions instead of properly embedding them into their culture and systems.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
“Budgets are no longer the primary barrier. The real issue is that security is too often treated as an afterthought,” he said.
“If you wait until execution or, worse, until after an incident, you’ve already lost valuable ground. Cyber security has to move upstream and be embedded from the very start of transformation.”
IDC’s white paper found that the average organisation took over four days to respond to a cyber incident, and over seven to recover.
Growing uptake of new technologies, especially generative AI, was exposing businesses to increasing cyber threats, Fouche said.
“GenAI is an extraordinary tool for innovation, but it’s also a gift to adversaries,” he warned.
“Without strong oversight, training, and access controls, businesses risk exposing sensitive data and amplifying social engineering attacks. The need to act has never been more urgent.”
AI has also revolutionised the way that cyber criminals work and boosted fraud risks, Niek Dekker, VP of marketing at payment fraud prevention firm Eftsure, told Accountants Daily's sister brand, Accounting Times, earlier this year.
“Where the criminals are using [AI], they are speeding up their way of execution and making it way more sophisticated as well, so their attacks will be way faster, more automated. There's less risk and more reward for those people, so there's more incentive for other people to get involved in it,” he said.
“We reckon there will be more attacks and more sophisticated attacks, so it will become harder for accountants to navigate that.”
As cyber threats ramp up, Fouche said organisations that embedded cyber security into their core business strategy would fare better than those that saw it as a box-ticking exercise.
“Organisations that build cyber maturity into their culture and governance, supported by real-time detection and proactive risk management, will be the ones who thrive,” he said.
“Cyber security is no longer a compliance box to tick; it’s a decisive driver of competitiveness and trust.”
You need to be a member to post comments. Become a member for free today!
