
NZ Businesses Report Surge in AI-Related Security Incidents
Why It Matters
Unsanctioned AI use is emerging as a critical insider threat, driving higher financial and reputational losses for New Zealand businesses.
Key Takeaways
- Shadow AI concerns rose to 24% of firms
- Unauthorized AI tools double data‑exposure risk
- AI‑related attacks jumped to 14% in 2025
- Extortion demands increased to 19% of incidents
- 42% of extortion victims chose to pay
Pulse Analysis
The Kordia survey highlights a cultural shift in how employees interact with generative AI tools. As organizations accelerate AI adoption, many staff members bypass IT controls, copying confidential data into chat‑based platforms without understanding the security implications. This “shadow AI” behavior creates novel data‑exfiltration pathways that traditional security solutions struggle to monitor, explaining the rapid climb from 16% to 24% of firms citing it as a top‑three risk. The trend mirrors global patterns where rapid AI diffusion outpaces governance frameworks, leaving organizations exposed to unforeseen threats.
Beyond the rise in shadow AI, the data reveal a concerning uptick in AI‑specific attack vectors. Incidents exploiting AI model vulnerabilities more than doubled, reaching 14% of reported breaches in 2025, while overall incident counts fell. Attackers are leveraging prompt‑injection, model poisoning, and credential harvesting to extort victims, with 19% of affected firms facing financial demands and 42% opting to pay. The secondary costs—insurance claims, regulatory fines, and legal actions—underscore the broader economic impact, pushing security budgets toward AI‑aware defenses and incident‑response capabilities.
For businesses, the findings signal an urgent need for robust AI governance. Implementing clear policies on approved tools, enforcing data‑loss‑prevention controls for AI interfaces, and training staff on the risks of unsanctioned usage are essential first steps. Moreover, integrating AI‑specific threat intelligence into security operations centers can help detect anomalous model interactions before they translate into breaches. As New Zealand regulators tighten data‑privacy expectations, firms that proactively manage shadow AI will gain a competitive edge, reducing exposure to extortion, operational downtime, and costly compliance penalties.