Almost a third of businesses are worried about AI-powered malware hitting their operations in the year ahead, according to a survey released by cybersecurity firm ESET. Generative AI topped the survey’s list of what businesses perceived to be a threat. However, ESET data indicates that generative AI has not been linked to security breaches in any meaningful way. Close to two-thirds of businesses said they expect a cyber attack in the coming year, while 44 per cent said they had been subject to a cyber attack at least once over the past 12 months. According to ESET, phishing was responsible for 27 per cent of security breaches, making it the most-common cause of breaches. This was followed by breaches that took advantage of unpatched software and weak passwords. Phishing involves criminals sending emails to people or organisations purporting to be from reputable sources to access sensitive information. It is a significant driver of invoice-redirection fraud and does not involve AI malware, according to ESET.However, the report noted that AI has made a difference in that it has “stripped out the clumsy spelling and obvious fakes” that used to give the emails away. Now, by using AI, attackers can fire off thousands of equally convincing versions in minutes. “Irish businesses are bracing for a Hollywood version of cybercrime while the side door is left wide open,” said George Foley, cybersecurity specialist for ESET Ireland. “The attack that empties your account is not some self-driving AI super-virus. It is the same dodgy invoice email we have warned about for years, except now it is word-perfect and there are thousands of them,” he added.Foley advised businesses to “spend your worry, and your budget, on the basics”. “Train your staff to pause before they pay, keep your systems patched and stop reusing passwords. That is what stops the money walking out the door.”Additionally, the ESET survey found that 71 per cent of businesses now use AI tools, but only 57 per cent have any policy on how staff use them. The report said this has created a gap where “shadow AI” lives, referring to employees feeding company information into unapproved tools. ESET surveyed 4,400 organisations across 13 countries.