Data Breaches & Threats | Operational resilience

December 1, 2025

With promises of operational efficiencies many organisations are accelerating the adoption of AI. At the same time other organisations are struggling to step back and assess the real benefits AI offers. There is uncertainty about “sharing” sensitive information with an unknown AI assistant.

This challenge isn’t new. Cyber security has long grappled with building trust in existing systems and the controls that protect them. In truth, most businesses still haven’t achieved effective cyber security risk management practices for traditional technologies, let alone for emerging ones like AI. Now is the time to recalibrate your defence strategies.

What’s different now is scale and speed. AI amplifies attackers’ capabilities, enabling them to identify and exploit weaknesses faster and more precisely than ever. For organisations already struggling to contain cyber risk, the leap to maintain cyber resilience in an AI-driven threat landscape adds another degree of difficulty.

The Baseline for New AI Risks

Many security teams are introducing AI security solutions into environments while foundational risks remain unresolved. Breaches, both trivial and sophisticated, continue to rise for familiar reasons:

  • Patching fatigue: The sheer number of updates makes it difficult to keep systems secure.
  • Control gaps: Measures like MFA, access controls and backups may exist, but are often ineffectively applied.
  • Underinvestment: Security is still perceived as complex, costly, or “someone else’s problem.”

In a world where operating costs continue to be a challenge, the risks and costs of a cyber breach are too easily discounted. Funding is often limited and protection is left to “best efforts” relying on free or open-source tools and manual processes. This reactive mindset leaves organisations exposed, often only apparent when insurance claims are rejected.

The challenge compounds when IT services are outsourced or hosted in the cloud, making it harder to see how well controls are performing against evolving threats. Assurance without evidence is not enough. Third parties may unwittingly introduce their own vulnerabilities, or become attack vectors themselves.

Strong cyber security is ultimately the responsibility of senior leaders in every organisation. Cyber hygiene controls remain the cornerstone of all cyber security frameworks. And, in an AI-enabled threat environment, ensuring they work effectively is more important than ever.

This “perfect storm” of insufficient control recently prompted a ministerial letter to FTSE CEOs in the UK, urging tighter governance, improved security controls, and supply chain assurance. It’s a reminder that compliance dashboards alone are not security, not in a world moving at AI speed.

Enter the AI-Enabled Attacker

In Huntsman’s Cyber Security Predictions for 2026, we anticipate a significant AI-powered or AI-assisted attack, and this is no longer an alarmist view.

The reality is simple: attackers are already using AI to automate reconnaissance, exploit vulnerabilities, and scale campaigns. The recent NCSC Annual Review, reminded organisations that the gap between cyber threats (AI-assisted and others) and national defence capability continues to widen. To keep pace, security operations must mature rapidly.

Here’s what every security leader should prioritise:

Stay Ahead of AI-Driven Adversaries

AI-enabled attackers will find any vulnerability. Certainly faster than a human can. The only defence is to detect them early and reduce their number quickly. Visibility of threats and effective cyber posture management will be enhanced with a layered defence-in-depth strategy. 

Security technologies must go beyond manual checks or periodic audits. Continuous, automated detection and response are now table stakes.

Move to Continuous, Evidence-Based Security

Annual audits and quarterly penetration tests are no longer sufficient. With AI adding to attack effectiveness businesses need real-time visibility into their security posture, detecting and remediating issues before they accumulate into unmanageable risk.

Claims like “patching can’t be done faster” or “data isn’t available”, no longer hold up. Timeliness is now synonymous with resilience.

Track Every Asset: Especially the Unknown Ones

Shadow IT, IoT and OT devices often sit outside the security team’s field of vision. These hidden assets create blind spots ripe for exploitation.

Every device must be known, tracked and managed, whether owned by IT, business units or third parties. Ongoing awareness and containment of unprotected IT assets are essential to prevent AI-assisted attacks from finding and exploiting them.

Detect Changes in Real Time

Modern infrastructures evolve constantly. New systems are spun up, cloud resources deployed, accounts added or removed.

Security teams must now routinely detect and assess these ongoing changes to ensure that the overall cyber posture remains adequate. Automated processes mean that even small lapses in configuration can prevent the AI-assisted exploitation of vulnerabilities.

Deliver Evidence for Governance and Oversight

Boards and executives are now directly accountable for cyber risk governance. To exercise that responsibility, they need trustworthy, timely data about the organisation’s ongoing control effectiveness and vulnerabilities in a changing threat environment.

Objective, evidence-based reporting ensures informed decisions and demonstrates effective cyber risk management and compliance with evolving regulatory expectations.

Thwarting the AI-Equipped Attacker

In an increasingly automated world, businesses must evolve from working harder to working smarter. Like business operations more generally, cyber governance must transform. Two priorities stand out:

  1. Close control gaps fast. The responsiveness of IT and security risk management practices must match the speed and precision of AI-equipped adversaries.
  2. Maintain real-time visibility. Posture reporting must be accurate, timely, and comprehensive to support confident governance decisions.

Remaining static while threats accelerate is not an option and may even border on negligence. AI has permanently shifted the risk landscape. The organisations that succeed will be those that can respond to that change.

BLOG POSTS

Related Cybersecurity Content

Cyber Security Predictions for 2026

October 7, 2025

2026 will bring new challenges for CISOs and security teams. Explore Huntsman Security’s six predictions - from geopolitical uncertainty to Secure by Design practices - that will shape the year’s cyber landscape.

Read more

Patching is Too Patchy, Say NCSC, ACSC and Friends

September 10, 2025

This type of joint-advisory has become all too familiar – the cyber security community again urging organisations to mitigate known, and avoidable, security weaknesses and vulnerabilities. The recent release from NCSC, ACSC and their counterparts details  a number of frequently exploited attacks and identifies their originating source – foreign commercial entities. Organisations, particularly those in […]

Read more

Beyond Compliance: The Case for Continuous Threat Exposure Management

September 4, 2025

Organisations must transform their threat exposure management practices to stay in control of their cyber security and minimise risk of disruption. This shift is essential to meet the growing volume and velocity of disruptions driven by today’s increasingly volatile threat environment. Managing an effective cyber security posture is already a problem for many organisations. Limited […]

Read more

Retail Cyber Attacks: A Costly Wake-Up Call for Businesses

July 15, 2025

The recent retail ransomware breaches and what organisations must do next In recent months, UK retail giants Marks & Spencer, Co-op, and Harrods were all hit by significant cyber security breaches. These retail cyber attacks, reportedly involving ransomware and groups such as Scattered Spider and DragonForce, disrupted operations, sparked investigations by the UK’s National Cyber […]

Read more

Why the ACSC Essential Eight is Crucial for Meeting SOCI Cyber Reporting Obligations

June 30, 2025

Organisations subject to Australia’s Security of Critical Infrastructure Act 2018 (SOCI) face a tough challenge: how to meet strict cyber incident reporting timelines while juggling a mix of governance frameworks, operational pressures, and technical controls. While the SOCI legislation enables organisations to choose from a range of cyber security frameworks to meet their obligations—such as […]

Read more

Think about your cyber security transformation

May 5, 2025

More cyber security breaches, this time in the finance, judicial and most recently the superannuation sectors. There have been ongoing warnings from ASIC and other regulators for organisations to prioritise their cyber resilience management. ASIC even repeated in Nov 2024, that poor cyber security protection that threatened consumer data was an enforcement priority for them […]

Read more

In 2025 we predict: The disruption in the SIEM market will lead to adjustments in cyber security strategy

February 17, 2025

20 years ago, there was widespread adoption of traditional Security Information and Event Management (SIEM) solutions. Its proven capabilities have meant SIEM is now an integral part of the security stack for most organisations. The SIEM market has since evolved, with an expansive range of functionality now available to meet customers’ needs. Next-Gen SIEMs, the […]

Read more

Operational resilience deadlines loom

February 3, 2025

Operational Resilience (OpRes) has been in the news a lot over the last few years. Advisories, white papers and conferences have all addressed the importance of cyber security resilience and its role in protecting the ongoing operations of enterprise. With almost every business function, in some way, reliant on your IT assets and data the […]

Read more

Cyber security observations from 2024 – we’re still rolling-the-dice

January 22, 2025

In 2024, we saw real progress with cyber security being recognised as a factor in organisational resilience. Senior executives and directors became increasingly aware of the need for its oversight. Yet, as we look in the rear-vision mirror back to 2024, we see organisations continuing to roll-the-dice when it comes to cyber security. As we […]

Read more

In 2025 we predict: A growing adoption of threat exposure management in large and small organisations

January 13, 2025

The effective management of cyber security is an increasing priority for organisations everywhere. For those familiar with risk management principles, cyber security is more than another operational risk to be dealt with. Meanwhile, for those with less cyber security awareness, the discipline of rules-based risk management frameworks and checklists will support the management process. The […]

Read more

SIGN UP TO RECEIVE CYBER SECURITY INSIGHTS

Read by directors, executives, and security professionals globally, operating in the most complex of security environments.