Employees share more secrets with AI than they would in a bar
A new study of 1,000 office workers across the US and UK shows half of us already use AI tools at work, one-third weekly and 12 percent daily.
But the report from Cybsafe finds 38 percent of users of generative AI in the US admit to sharing data they wouldn't casually reveal in a bar to a friend.
The findings show 64 percent of US office workers have entered work information into a generative AI tool, and a further 28 percent aren't sure if they have. A total of 93 percent of workers are potentially sharing confidential information with AI tools.
People obviously find these tools useful, with 57 percent of US office workers using AI tools. They're mostly used for research (44 percent), writing copy (like reports) (40 percent), data analysis (38 percent) and writing code (15 percent). 32 percent of users of generative AI in the UK and 33 percent in the US saying they'd probably continue using AI tools, even if their company banned them.
"The emerging changes in employee behavior also need to be considered," says Dr Jason Nurse, CybSafe's director of science and research and current associate professor at the University of Kent. "If employees are entering sensitive data sometimes on a daily basis, this can lead to data leaks. Our behavior at work is shifting, and we are increasingly relying on generative AI tools. Understanding and managing this change is crucial."
The research indicates a significant number of employees are not confident in their ability to discern AI-generated text from human-written text. Over 60 percent in both the UK and the US are either unsure or doubt their ability. This uncertainty could make them more prone to AI-led cyber attacks.
Dr Nurse adds, "As generative AI infiltrates the workplace, it’s building a cyber-superhighway for criminals. Half of us are using AI tools at work, and businesses aren't keeping pace. We're seeing cybercrime barriers crumble, as AI crafts ever more convincing phishing lures. The line between real and fake is blurring, and without immediate action, companies will face unprecedented cybersecurity risks."