CPA Australia has cautioned that the accelerating use of AI by businesses may bring new cybersecurity risks.
The warning comes after findings from CPA Australia’s latest Business Technology Report 2025 highlighted that 18% of Australian businesses reported experiencing loss of time or money because of cyber incidents over the past year.
The report, which surveyed 1,117 accounting and finance professionals throughout the Asia-Pacific region, points to a particular vulnerability among smaller businesses.
CPA Australia business investment and international lead Gavan Ord said: “As AI tools become more integrated into financial systems and workflows, they also create new cybersecurity vulnerabilities that businesses must proactively manage to avoid substantial financial and reputational damage.”
The survey reported that 14% of Australian companies were found to have what were described as inconsistent or mostly reactive approaches to cybersecurity policy.
Results indicate that Australian companies are marginally better prepared than the Asia-Pacific average.
Ord said that businesses should not become complacent, particularly those that are beginning to incorporate AI tools into their operations.
He added: “Australian small businesses generally lag in technology adoption compared to Asian markets, but the good news is that investment in AI is now accelerating. However, it is vital this is matched by investment in cybersecurity.”
According to the report, 71% of Australian businesses plan to further integrate AI into their activities by 2026.
While this trend is expected to benefit productivity, Ord expressed concern that the reliance on digital technology over the next couple of years could leave more companies exposed to online attacks.
He said: “Used correctly, AI will help boost business productivity and inspire growth, but there are also questions about its vulnerability to emerging online threats. The last thing a business needs is a major investment in technology opening the door to criminals.
“While AI can be game-changing for businesses, it is also arming cybercriminals with even more sophisticated tools. It is enhancing their existing tactics and creating new avenues for online scams and attacks.”
Even among larger organisations with more established systems in place there was a higher likelihood of reporting losses due to cyber incidents, the report said, indicating that no business is immune from these challenges.
In response to these risks, CPA Australia is advising businesses to revisit and update their cybersecurity protocols; ensure basic protections such as firewalls and multi-factor authentication are in place; frequently educate staff about good cyber practices and bring awareness about phishing attempts; and consult with qualified professionals for guidance.