“Anyone could actually use ChatGPT to write up a phishing kit, or they can actually go to GitHub and download a phishing kit,” he said during Cyber Daily’s “The State of Trust: Navigating the future of compliance and security” webcast.

Haw adds that these methods have “actually accelerated those attacks through the use of AI”, to the point where what once took weeks, now takes days.

This rise has had very real results, with Haw adding that the risk increase has been dramatic in just the last year.

“The risk has elevated from 55 per cent last year to 72 per cent. That’s a dramatic increase, right? And the biggest challenge or threat I’m seeing is that in a week, organisations will be experiencing 56 per cent of a threat happening. It’s like you’re going to have a threat attack at least once in a week. And if you span it across a month, the expectation is you’re getting a 76 per cent chance of being attacked,” he said.

Backing this up is that Vanta’s report found 72 per cent of security decision-makers in the survey say risk has never been higher.

However, company budgets aren’t keeping up with the increased threat.

Tony Vizza, founder and managing partner of Novera, said companies are often balancing budgets on other priorities.

“Cyber’s not the only risk they’re dealing with. So often they’re needing to balance where they spend to mitigate an organisation’s risk,” he said.

“And it could just so happen that in one particular year, cyber may not be the priority, or AI risk may not be the priority.”

Vizza added that there has been a shift towards solving the risk on a wider scale with government regulation, which companies need to ensure they comply with.

“There’s a lot of impetus from people generally who are sick of having their information divulged publicly and ending up on the dark web. So there is more of a call to action to actually solve this as a risk,” he said.

“We’re seeing that take place. There’s a lot of guidance that comes from bodies to say, look, you need to be doing more in your cyber. If not, we’re gonna start chasing you.

“So the answer I think would come down to ensuring that people who work in this space can communicate the benefit of what they’re doing to the board, so they understand that, look, you’re gonna spend this money, we’re asking for this money, but this is the outcome we are gonna get in terms of risk management and risk mitigation.”

Vizza highlighted that this is still a difficult conversation to have with boards, as they have an exact view of what cyber is and what tools they can get to fight threats.

“But if it’s explained in a way that shows to the business what we are doing, and the fact that it underpins every single business out there today, and the importance of that risk management, then they’re more likely to get that buy-in,” he said.

The other deterrent to growing budgets is the limitations businesses face in the current economic climate, meaning getting funding to fight cyber threats only becomes more difficult.

“A lot of organisations are doing it tougher. And we accept that. So it becomes incumbent on us to make a really compelling business case as to that extra spend,” Vizza said.