Facebook Twitter Linkedin

Building a Business Culture of Cyber Awareness in the Age of AI

Building a Business Culture of Cyber Awareness in the Age of AI

By Dr. Kimma Wreh | D. Eng, CISSP, CIA, CIPM

Technology is moving fast and so are the threats. Artificial intelligence is transforming how
we work, but it’s also giving cybercriminals new tools to scale their attacks. Deepfakes,
automated phishing, AI-generated malware are common. What used to take hours now
happens in seconds. In this environment, firewalls and software alone aren’t enough. The
strongest defense is a workforce that knows how to spot the signs and respond with
confidence. That’s where cyber awareness becomes a business culture, not just a training
program.

The Real Risk Isn’t Always Technical
Most breaches don’t start with a system flaw. They start with a human one: a click, a
shortcut, a moment of distraction. The rise of AI-powered scams means employees are now
being targeted with emails that sound like their boss, videos that look real, and messages
designed to manipulate trust. If your team isn’t aware, your security tools won’t be enough.

In early 2024, Arup (a renowned British engineering firm behind the Sydney Opera House and
London’s Crossrail) fell victim to a deepfake scam in its Hong Kong office. An employee
received a video call purporting to be from the company’s CFO, accompanied by fake images
and voices of other executives. Believing the call was genuine, the employee authorized a
series of wire transfers totaling approximately HK$200 million (about US $25 million) to
multiple bank accounts. The only real person on the call was the victim (The Guardian, 2024).

Cyber awareness isn’t just about policies or occasional training. It’s a mindset shift. It’s
building habits and accountability into daily routines just like safety gear on a construction
site or handwashing in a hospital.

Leaders Must Go First
Culture starts at the top. If executives treat cybersecurity like an IT issue, employees will too.
If leaders model secure behavior, report suspicious messages, and support ongoing training,
they send a clear message: security is everyone’s responsibility.

Practical Steps to Strengthen Cyber Culture

Hold regular check-ins. Share real incidents without blame. Make room in the agenda for
brief security tips. These small, visible acts make a big impact on team behavior.

  1. Train often, not once. One-time annual training isn’t enough. Reinforce concepts
    through short monthly sessions, phishing simulations, or weekly security tips.
  2. Simplify reporting. Make it easy and safe for employees to report suspicious emails
    or behavior. No fear, no shame, just fast action.
  3. Talk about AI threats. Teach your team how AI can be used to impersonate voices,
    craft realistic messages, or scrape personal data. Awareness is the first line of
    defense.
  4. Celebrate smart choices. Recognize employees who avoid a scam or flag a threat.
    Positive reinforcement goes a long way in shaping habits.
  5. Secure your third parties. Your vendors and partners are part of your ecosystem.
    Make sure they follow basic cyber hygiene, too.

    Key Takeaway: Cyber Awareness Is a Competitive Advantage
    Organizations that build a strong culture of cyber awareness don’t just reduce risk. they build
    trust with customers, partners, and regulators. In the age of AI, that trust is a currency.
    We don’t need to fear AI. But we must understand how it’s changing the game. We must
    respond by making cybersecurity a shared mindset instead of a checklist.

    References
    CFO. (2024, February 7). Scammers use deepfake video of CFO to steal $25 million.
    https://www.cfo.com/news/deepfake-cfo-hong-kong-25-million-fraud-cyber
    crime/706529/

    Federal Bureau of Investigation. (2025). Internet Crime Report 2024.
    https://www.ic3.gov/Media/PDF/AnnualReport/2024_IC3Report.pdf

    McAfee Labs. (2025). State of the Scamiverse 2025.
    https://www.mcafee.com

    MIT Media Lab. (n.d.). Detect fakes. MIT Media Lab.
    https://www.media.mit.edu/projects/detect-fakes/overview/

    The Guardian. (2024, May 17). UK engineering firm Arup falls victim to £20m deepfake
    scam. https://www.theguardian.com/technology/article/2024/may/17/uk-engineering
    arup-deepfake-scam-hong-kong-ai-video

    About Dr. Kimma Wreh
    With cybercrime losses surpassing $10 billion in 2023, digital risk is now a business issue,
    not just a tech one. Dr. Kimma Wreh, a leading cybersecurity strategist and bestselling
    author, is helping executives and everyday users alike understand how to stay secure in
    today’s threat landscape. With over 15 years of experience advising companies like Hewlett
    Packard Enterprise and ExxonMobil, Dr. Wreh has led cybersecurity programs across 80+
    government agencies and trained 18,000+ professionals globally. Her latest books, Intro to
    Cybersecurity: Guide for Beginners and Cyber Scams: Don’t Be a Victim, are equipping
    business leaders, entrepreneurs, and remote workers with the tools to protect their data,
    finances, and reputations.

    Need help training your team or protecting yourself from online scams?
    Contact – Kimma Wreh

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright (c) 2024 Excel Tekay LLC