Artificial Intelligence
16.12.2022

KPMG: Artificial intelligence and machine learning are a hard nut to crack for corporate cyber security

Artificial intelligence (AI) and machine learning (ML) offer many benefits for businesses, but wider use of the new technology could, in a worst-case scenario, bring new cyber security risks, according to KPMG’s global survey Cyber Trust Insights 2022.

A global survey conducted by KPMG among executives shows that companies see the benefits of AI and ML in increasing business efficiency and productivity. AI and ML can also be used to better predict customer and market behaviour, KPMG reported.

However, more than three-quarters of KPMG survey respondents, 78 percent to be precise, agree that AI and ML raise cyber security challenges. Almost as many (76 percent) believe there are fundamental ethical questions to resolve as they adopt these technologies, and say organisations will need to communicate more openly about how they are managing those issues.

“The risk is that AI and ML will increase cyber security and privacy risks if used inappropriately, which could damage companies’ reputation and lead to regulatory sanctions. The solution is cyber security and data protection teams working together to avoid these risks,” Mihkel Kukk, Head of Cyber Security Services at KPMG, said.

In addition, the survey showed that over 80 percent of executives recognised the importance of improving cyber security and data protection, which they consider among the biggest risks companies face. Almost two-thirds of the respondents see information security as a risk-reduction activity rather than a business enabler. Moreover, more than half of the respondents say that senior leaders do not understand how better information security can help to enhance trust in the company and provide a competitive advantage.

The Chief Information Security Officer must be part of the management team

According to the survey, one-third of executives find that a company’s Chief Information Security Officer (CISO) is not viewed as a key executive and has less influence than they need to protect the organisation and its data. Half of the executives doubt that the relationship between the board and the CISO is characterised by ‘high trust’.

“In a situation where cyber-attacks have become commonplace, a stronger position of the CISO in the company is essential, and they should be part of the management team. The CISO should not be just a technical expert, as the board and the extended management team are not equally competent in technical details. The CISO can perform their role effectively if they are allocated the necessary budget and are trusted by management. It is unlikely that they are able to perform this role well by trying to resolve technical issues only. As executives see cyber security as one of the biggest risks that companies face, we can expect to see a change in their attitudes,” Kukk stressed.

In the KPMG Cyber Trust Insights 2022, 1,881 executives were surveyed, and a series of discussions was conducted with corporate leaders and professionals from across the world to explore the extent to which the C-suite recognises the importance of cyber security, how they are meeting the challenge, and what they need to do next. The survey results are available in PDF format here.


KPMG is a global network of firms providing audit, tax, legal and advisory services. KPMG member firms operate in 144 countries and territories and collectively employ more than 236,000 partners and people. In Estonia, KPMG has been operating since 1992 and currently employs more than 250 staff. Nearly 2,000 professionals work for KPMG Estonia’s partner firm KPMG Finland and almost 6,000 in KPMG member firms in other Nordic countries.

Mihkel Kukk

Head of Cyber Security
+372 521 4332
