AI and cyber security investments must go hand in hand, CPA Australia says

As AI tools become increasingly integrated in businesses’ day-to-day workflows, CPA Australia has urged firms to review and invest in their cyber security protections.

The industry body’s 2025 Business Technology Report revealed that 14 per cent of Australian businesses had a “concerning” lack of cyber security, leaving them vulnerable to financial and reputational damages.

“While AI can be game-changing for businesses, it’s also arming cybercriminals with even more sophisticated tools. It’s enhancing their existing tactics and creating new avenues for online scams and attacks,” Gavan Ord, CPA Australia’s business investment and international lead, said.

“Financial data is a prime target for criminals, so businesses must ensure their systems, processes and people are prepared to defend against these evolving threats.”

CPA’s report found that 18 per cent of Australian businesses had lost time or money due to a cyber incident over the past year. At the same time, 71 per cent of Australian businesses planned to increase their use of AI in 2026.

The industry body said the growing uptake of AI was a welcome development for productivity, but urged businesses to make sure they invested in commensurate cyber security measures to manage the heightened risks that came with AI.

“Australian small businesses generally lag in technology adoption compared to Asian markets, but the good news is that investment in AI is now accelerating. However, it’s vital this is matched by investment in cybersecurity,” Ord said.

“Used correctly, AI will help boost business productivity and inspire growth, but there are also questions about its vulnerability to emerging online threats. The last thing a business needs is a major investment in technology, opening the door to criminals,” Ord said.

To directly tackle the risk of cyber breaches, CPA Australia urged businesses to review and update their cyber policies, implement basic protections such as multi-factor identification and regularly train staff on cyber hygiene and phishing.

“Cyber criminals target weaknesses, not size,” Ord said.

“For small businesses, a single breach can be devastating. The need to secure sensitive data and information has never been more urgent. Prevention is more cost-effective than recovery.

As AI tools become more commonplace, CPA reiterated the importance of maintaining human control over processes and outcomes.

“AI offers powerful insights, but it must be paired with human oversight and strong governance to reduce cyber risks and biased or flawed outcomes,” Ord said.

“Implementing robust cybersecurity measures is now as essential as having modern IT systems. Without these protections, businesses risk losing clients, revenue and most importantly, their reputation.”