Trust and risk in the AI era
55% of organizations say the security risks for their business have never been higher, according to Vanta. Yet the average company only dedicates 11% of its IT budget to security — far from the ideal allocation of 17%, according to business and IT leaders.
Majority of companies do not provide opt-out for AI data training
The rapid adoption of AI only adds to the risks, with phishing attacks (33%), AI-based malware (32%), and compliance violations (27%) increasing since AI has become far more prevalent in the last year.
While AI is becoming more mainstream, the way companies approach training their AI models and communicating their practices to customers is nascent and varies widely. 27% use only anonymized customer data while 31% of organizations use a mix of customer and synthetic data. And while 25% of organizations require customer opt-in to use their data for AI training, over 75% of companies don’t offer an opt-out option.
With a growing reliance on third-party vendors and AI in business today, the security landscape has never been more challenging. At the same time, security leaders and their teams face an increasing compliance burden. Time spent on manual security compliance tasks increased to over 11 weeks in 2024 — up from 10 weeks in 2023.
65% of organizations say that customers, investors and suppliers require more demonstration of compliance than before. IT decision makers spend an average of 6.5 hours per week assessing and reviewing vendor risk.
50% of organizations detect and respond to cybersecurity threats at least once a week, and 46% of organizations say that a vendor of theirs has experienced a data breach since they started working together with them. 62% agree that third-party breaches negatively impact their organization’s reputation.
37% of organizations have conducted or are currently conducting regular AI risk assessments, and 36% have implemented, or are in the process of implementing, a company AI policy.
Security and compliance issues vary significantly across timezones
Despite all countries continuing to grapple with the unique set of security and compliance challenges, the survey findings illustrate the vast differences experienced across timezones.
48% of US organizations have had a vendor experience a data breach since they started working with them — the highest of all markets surveyed. Organizations in the UK spend the most time on compliance tasks — 12 weeks a year versus 10 weeks in 2023. Companies in Australia have the least insight into vendor risk, with only 17% having “strong” visibility.
US companies are the most concerned about internal use of AI and the risks it poses for the security of the organization (53%).
55% of organizations in the UK have increased their investment in AI for security operations, 10% more than the US and 18% more than Australia. Only 28% of companies in Australia have, or are in the process of putting, a company AI policy in place — the lowest of all markets.
As the security expectations of customers grow, leaders recognize the business value of investing in building and demonstrating trust. 48% believe good security practices drive customer trust while 46% recognize that good security practices lead to reduced financial risks.
When used in the right way, AI and automation can help security teams increase efficiency, free up time for strategic work and deliver more business impact. On average, security teams could save between 3 and 5 hours a week by automating activities like user access reviews, employee management and answering security questionnaires. 44% of organizations say that their investment in automation for security operations has increased over the past year.
“To uphold trust in an AI world, security leaders need to go beyond the standard way of doing things,” said Christina Cacioppo, CEO, Vanta. “They need to make trust continuous, collaborative and automated across their business. Trust management allows organizations to reduce risk, build customer confidence, and accelerate revenue growth.”
Conducted by Sapio Research on behalf of Vanta, the State of Trust Report 2024 surveyed the behaviors and attitudes of 2,500 business and IT leaders across the US, UK and Australia, to uncover the latest trends shaping security and compliance.