The human risk of AI: Why your business can’t afford to ignore it

Wednesday 17 September 2025 - Citation Cyber

AI is making waves in workplaces worldwide. You’re possibly using ChatGPT or Copilot in your business. You may even have an Agent or two. If so, you’re no doubt seeing and feeling the benefits – quicker tasks, better decision-making, new efficiencies.

But do you know the risks for your business? As powerful as AI is, it can amplify human risk. People are the biggest vulnerability in your supply chain and AI gives cybercriminals fresh methods to exploit human error.

Our partners at Citation Cyber work closely with businesses to help them spot risks and strengthen their resilience. Here are some of their tips on AI in the workplace and what you need to know.

Overreliance on AI tools

AI should assist, not replace, human judgement. But when workers and workplaces are busy, it’s easy to take AI outputs at face value.

  • A report drafted by AI assistants may have subtle errors that nobody picks up on
  • Staff using tools like ChatGPT to create emails or presentations might paste in sensitive information, not knowing it can be shared outside the business
  • Hackers use AI's strengths (speed, automation, data analysis, and anonymity) to enhance their attacks

The risk for your business? Errors, leaks, and compliance breaches you could've avoided.

Social engineering and AI-powered scams

Traditional phishing emails were often poorly written, full of mistakes, and sent from suspicious domains, making them easier to spot. With AI? The game’s changed completely.

  • Deepfake voices and videos: Fraudsters can impersonate CEOs or suppliers to approve fake payments. Criminals used deepfake video calls to steal over £20m from a UK engineering firm.
  • Automated, personalised phishing: AI scans publicly available data from LinkedIn, company websites, and social posts to create emails that look and feel real. Emails could use your manager’s name, mimic their language, and even reference a real company activity. But the links lead to fake login portals built to steal your credentials and access confidential information.
  • Evolving malware and data poisoning: AI is speeding up how quickly attackers can create new malware or corrupt business data.

The risk for your business? Scams are harder to detect, even for experienced staff.

Why awareness training matters more than ever

AI doesn’t mean your staff can be less vigilant. It means they need to be more vigilant than ever. Phishing attacks were responsible for 85% of attacks on businesses in 2024, according to the UK government.

Awareness training for your staff is your first line of defence. Simple steps like:

  • Think before you click
  • Check the sender's email
  • Hover over links (don't click straight away)
  • Report any suspicious activity
  • Use strong passphrases and MFA

Make sure you build a culture where staff can spot any red flags.

Practical steps you can take today

  • Educate and train your team: Regular, engaging awareness training and sessions on AI threats like deepfakes and phishing.
  • Multi-factor authentication (MFA): For extra protection even if any credentials are stolen.
  • Robust policies: Make sure you have clear rules on what data can and can't be shared with AI.
  • AI monitoring: Keep track of how people are using AI and assess the risks regularly.
  • Simulations: Test your staff with realistic phishing attempts to build confidence and resilience.

Ready to test your cyber resilience? 

Not sure where to start when it comes to cyber security, or just want to identify your blind spots? Complete our quick Cyber Security Risk Assessment Survey.

It takes just five minutes and could help you uncover critical vulnerabilities before attackers do.

As a valued BSIA member, you get exclusive access to preferential rates for Citation Cyber’s services — just use the code ‘BSIAMEMBER’ when you reach out.