Cybersecurity Awareness Month: Defending Against AI Risks

October is Cybersecurity Awareness Month – and this year its purpose is more relevant than ever.
With major global brands hit by a spate of cyber attacks – from JLR to M&S and Asahi to Harrods – not only is the nature of cyber threats evolving, but the volume of incidents, particularly those the public is aware of, is rising.
The rising influence of AI-driven risks and quantum computing challenges is also posing problems.
As organisations face growing attack surfaces – including shadow AI exploitation and supply chain vulnerabilities – heightened vigilance and updated defense strategies are a necessity.
The fundamentals of cybersecurity
While advanced technologies like AI agents and quantum cryptography introduce new challenges, cybersecurity basics remain crucial.
Strong passwords, multifactor authentication, timely updates and scam awareness are all foundational defenses that protect both individuals and enterprises. On top of this, real-time behavioral coaching is emerging as a more effective complement to traditional annual training.
Beyond technology, however, a cultural shift towards harnessing rather than avoiding risk is emerging, one that fosters better collaboration and innovation.
Board-level accountability and layered risk management become business imperatives, with forensic logging, phishing-resistant MFA and post-quantum cryptography readiness providing critical layers of resilience heading into 2026.
The importance of Cybersecurity Awareness Month
Cybersecurity Awareness Month reemphasises how the cyber threat landscape continues to evolve and the importance of proactive defence.
As cyberattacks continue to become increasingly sophisticated – fuelled by AI advancements and emerging quantum risks – this month highlights practical steps to build strong digital hygiene.
By fostering a security-conscious culture, Cybersecurity Awareness Month helps reduce human error, enhance resilience and protect vital infrastructure, making cybersecurity everyone's responsibility year-round.
Cybersecurity Awareness Month: The experts’ take
Anand Kashyap, CEO and Founder of Fortanix, says: “In recognition of Cybersecurity Awareness Month, we urge CISOs and security leaders to elevate their vigilance – not only against the expanding attack surface introduced by shadow AI and latent vulnerabilities in data pipelines and models, but also toward the imminent cryptographic threats posed by quantum computing.
“As AI increasingly underpins business functions – from customer interactions to code generation – the risks of unmanaged model use, data leakage and supply-chain tampering demand stronger governance, encryption at rest, in motion, in use and model integrity assurance, all grounded in a robust AI Risk Management Framework.
“Simultaneously, the quantum era is not a distant concern – today’s encrypted data is susceptible to ‘harvest now, decrypt later’ attacks, making post-quantum cryptography and crypto-agility urgent and essential pillars for future-proofing sensitive information.
“Forward-thinking organisations should begin inventorying their cryptographic footprint, prioritising long-life data, exploring NIST-standard PQC algorithms like ML-KEM and ML-DSA and embedding flexibility into encryption systems now.”
SentinelOne AI and Cloud Security Evangelist Chris Hosking adds: “Cybersecurity Awareness Month is not just a time to celebrate AI breakthroughs, but a reminder that innovation without security can undermine the very progress AI promises to deliver.
“This risk is heightened by the sudden rise of AI agents, which are reshaping cybersecurity faster than most organisations can keep up. The question is no longer how to use agents, but how to secure them.
“Agentic AI has moved rapidly from theory to reality, but unless controls keep pace, innovation without security can compromise the safety and security of operations.
“As security teams develop AI-powered lines of defence, attackers are weaponising the same advancements.”
Jacki Muir is Director ID Support NSW at NSW Department of Customer Service.
She says: “The reality is online safety requires constant vigilance, but with a few simple steps you can stay ahead of cybercriminals.
“Strong passphrases, regularly updating your device, turning on multi-factor authentication and always thinking before you click can keep you safe from those looking to take what is yours.
“This Cyber Security Awareness Month we are urging the public to think about how secure they are online and to revisit any safety protocols that may be out of date.”
Karl Holmqvist, Founder and CEO at Lastwall, also shares his thoughts as Cybersecurity Awareness Month kicks off.
He says: “The job this year should be about moving the few levers that bend risk fastest under real-world constraints.
“As we vector into 2026, try to start where the adversary does. Require routers, VPNs and firewalls to produce forensically capable logs and prove you can pull them. Harden identity, especially where friction pays. Make phishing-resistant MFA mandatory for admins and all critical systems. Shorten token lifetimes and bind sessions to devices.
“Where you need to, allow exceptions, but log and expire them quickly. To borrow a phrase, measure what matters. Build and then improve change-latency metrics. Awareness is the start, but readiness is proof.
“Organisations that practice identity integrity, edge evidence and cryptographic agility will have an easier time navigating 2026. For most, there is a lot to change. For many, it won’t be easy to do all these things, which is why it is important to start taking the action you can now.
“Don’t wait until it’s too late.”
Netskope Threat Labs research finds that while Gen AI platform usage among enterprise end-users increased by 50% in the three months ending May 2025, more than half of this adoption came through shadow AI, in which users ignored approved systems and policies – something they were doubtless explicitly warned against in that annual training.
Netskope’s Vice President of UK & Ireland, Colette Kitterhing, adds: “Most organisations still rely on annual training to raise cybersecurity awareness. But vulnerabilities arise in the gaps between formal sessions, when employees are focused on getting work done and potentially prepared to sidestep company tools and guidelines.
“The surge in Gen AI use is a timely example of this. So while Cybersecurity Awareness Month is never a bad thing, real-time continual coaching is significantly more effective.
“For organisations, the priority should be to embed coaching into daily workflows, guiding people towards approved tools and safer practices without slowing them down. It’s a more balanced approach: protecting data while enabling workplace innovation to continue.”
Elyse Gunn, CISO at Nasuni, continues this sentiment.
She says: “The greatest innovation in cybersecurity today is not a tool or a technology. It’s a cultural shift – a deliberate move to harness risk rather than avoid it. That means saying, 'Let’s see how we can make this work, safely and with the right controls,' instead of defaulting to no.
“This mindset does more than reduce risk – it builds competitive advantage.
“When teams know they can bring ideas to the CISO and be met with an open mind, it builds trust and unlocks collaboration. Security becomes a partner in innovation and progress.
“The alternative? Shadow IT, insecure workflows and risks that surface only after damage is done. Saying no does not eliminate risk; it simply drives it underground.”
Jack Cherkas, Global Chief Information Security Officer at Syntax, continues: “In an era of Gen AI, automation, quantum computing and advanced security platforms, it’s tempting to believe that only the latest technology can keep you safe online.
“The fundamentals – strong passwords, multi‑factor authentication, timely software updates and scam awareness – remain the most consistently effective defenses for both organisations and individuals.
“For businesses, these basics safeguard operations and reputation – for individuals, they protect finances, privacy, and daily life.
“Getting them right is the cornerstone of cyber resilience and the foundation for safe innovation.”
Kevin Landt, VP of Product, Cybersecurity at Thrive, says: “Responsibility for cybersecurity in an organisation is no longer confined to the IT team – it’s now a major business imperative at board level.
“The risks presented by a breach can be catastrophic and, with attack methods rapidly evolving due to innovations in AI, the consequences of a successful incident can be both financial and reputational in nature.
“To prepare for what now seems to be an inevitable reality, organisations need to take a layered approach that incorporates an initial assessment of potential vulnerabilities, effective controls to manage risk and defined roles and responsibilities to identify potential threats and respond effectively to an incident.
“Humans unfortunately remain the weakest link when it comes to cyberattacks. The good news is that more effective training strategies are starting to be implemented, which train staff on how to spot potential risks and emerging threats such as deepfakes and AI-driven attacks.
“Businesses are also able to fight fire with fire by adopting AI-powered solutions, such as tools to spot AI-created phishing emails, in order to ensure they keep pace with the evolving techniques adopted by bad actors.
“By focusing on training, technologies and carefully selected partnerships, businesses can move from a reactive to proactive stance, with the resilience to respond effectively, recover quickly from events and protect their data and operations.”


