AI boom fuels new wave of cybersecurity threats, CPA Australia warns

• Increased use of AI comes with heightened cybersecurity risk
• Almost one in five businesses report cyber breach in the last year
• Investment in AI must be matched by enhanced cybersecurity protections

The rapid rise of artificial intelligence (AI) could expose businesses to a new wave of cybersecurity threats, warns Australia’s largest accounting body, CPA Australia.  

CPA Australia is therefore urging businesses – particularly small businesses – to review and strengthen their digital defences or risk devastating data breaches and financial loss. 

The call follows findings in CPA Australia’s Business Technology Report 2025 which found that almost one in five businesses in Australia (18 per cent) have lost time or money due to a cyber incident in the past year, with most businesses set to increase their investment in AI tools going into 2026. 

"As AI tools become more integrated into financial systems and workflows, they also create new cybersecurity vulnerabilities that businesses must proactively manage to avoid substantial financial and reputational damage,” said CPA Australia’s Business Investment and International Lead, Gavan Ord. 

“Cybersecurity isn’t optional – it’s essential. Smaller businesses are especially vulnerable due to limited resources and cybersecurity expertise.” 

The report, based on a survey of 1,117 accounting and finance professionals across the Asia-Pacific, identified a concerning lack of cybersecurity amongst 14 per cent of Australian businesses who were described as having inconsistent or mostly reactive cyber policies. 

While Australian businesses performed slightly better than the Asia-Pacific average, Mr Ord cautions against complacency and urges small businesses to invest in their online protection as much as possible, especially if they are also beginning to use AI tools. 

“Australian small businesses generally lag in technology adoption compared to Asian markets, but the good news is that investment in AI is now accelerating. However, it’s vital this is matched by investment in cybersecurity,” he said. 

“Used correctly, AI will help boost business productivity and inspire growth, but there are also questions about its vulnerability to emerging online threats. The last thing a business needs is a major investment in technology opening the door to criminals.” 

CPA Australia’s Business Technology Report shows that 71 per cent of Australian businesses plan to increase their use of AI in 2026. Mr Ord says this is encouraging from a productivity perspective, but he is concerned that the next couple of years may bring a spike in the number of businesses falling victim to online attacks. 

“Australian businesses have now caught the AI bug,” said Mr Ord. “They are now the most likely among the surveyed markets to be planning AI investments in 2026. 

“While AI can be game-changing for businesses, it’s also arming cybercriminals with even more sophisticated tools. It’s enhancing their existing tactics and creating new avenues for online scams and attacks.  

“Financial data is a prime target for criminals, so businesses must ensure their systems, processes and people are prepared to defend against these evolving threats.” 

Despite having more mature systems, larger businesses are more likely to report losses from cyber incidents, the survey found, underscoring the widespread risk. 

“Cyber criminals target weaknesses, not size,” Mr Ord said. “For small businesses, a single breach can be devastating. The need to secure sensitive data and information has never been more urgent. Prevention is more cost-effective than recovery. 

“AI offers powerful insights, but it must be paired with human oversight and strong governance to reduce cyber risks and biased or flawed outcomes. 

“Implementing robust cybersecurity measures is now as essential as having modern IT systems. Without these protections, business risk losing clients, revenue and most importantly, their reputation.” 

CPA Australia four key recommendations for businesses: 

1. Review and update cybersecurity policies 
2. Implement basic protections like firewalls and multi-factor authentication 
3. Regularly train staff on cyber hygiene and phishing 
4. Seek expert advice to boost resilience 

CPA Australia urges businesses to engage with the Australian Cyber Security Centre’s Essential Eight, explore free government-funded training run by CyberWardens and consult qualified advisers to ensure they’re protected. 

Media contact

Simon Downes, External Affairs Lead
[email protected]
+61 0401 461 503