Barely half (56 per cent) of Canadian CEOs believe their companies are prepared for a cyberattack today, with more than nine in 10 (93 percent) worried that the emergence of generative artificial intelligence (AI) will make them even more vulnerable to breaches, finds KPMG International’s latest CEO Outlook.

The results mirror findings of KPMG in Canada’s Private Enterprise™ Business Survey, which found 81 percent of small- and medium-sized business (SMB) respondents agree that generative AI is a “double-edged sword” that could help their organization better detect and respond to cyber threats while simultaneously increasing the number of cyberattacks by providing new attack methods for criminals.

More than one-third of Canadian CEOs who said their organizations are underprepared for a cyberattack say the primary cause is outdated technology systems or infrastructure, followed by increasing sophistication of cyber criminals and a lack of investment in cyber defences. Less than five percent said their organization is “very well prepared” for a cyberattack.

While some CEOs see generative AI playing a role in improving their cybersecurity programs, that role appears to be minor, with risks clearly outweighing benefits, according to respondents. Only eight percent of CEOs cited improved cyberattack response capabilities as a benefit of implementing generative AI at their organizations. By contrast, one-quarter of CEOs said compliance and security issues – such as AI-armed adversaries – pose a challenge to implementing the technology, with 68 percent of small- and medium-sized enterprises agreeing.