The dual challenge of AI innovation and risk management in Japan

The dual challenge of AI innovation and risk management in Japan

How Japan balances AI-driven opportunities with cybersecurity needs

  • For Japan, the integration of AI in various sectors shows a promising blend of innovation and caution.
  • The significant shortage of cybersecurity professionals in Japan underscores urgent and strategic responses to this growing gap.

Organizations and governments worldwide, including Japan, face the dual challenge of mitigating risks and embracing the rapid advancements in AI. This involves managing uncertainties while also accelerating innovation and adoption to reap the benefits of this transformative technology.

Japan’s unique position in AI

Although Japan is known for its cautious approach to risk, it is also renowned for its innovative contributions to technology, particularly in smart robotics and automotive AI. However, reports suggest that Japan’s prowess in AI-powered hardware does not equally extend to its software capabilities, making it reliant on foreign large language models for generative AI.

Japan faces unique AI development and adoption hurdles, including limited data availability and cultural attitudes towards business risk. These factors complicate the integration of AI technologies within traditional business frameworks.

A recent study by Barracuda, titled ‘SMB cyber resilience in Japan: Navigating through doubt to an AI-powered future,’ examines AI’s impact on small to medium-sized businesses (SMBs) in Japan. It reveals a mix of optimism about AI’s benefits and concerns about security, knowledge, and skill gaps.

The research underscores general optimism among smaller Japanese organizations about the positive effects of AI on business operations. The majority of these businesses anticipate that adopting AI solutions will lead to workforce reductions over the next two years—66% foresee fewer full-time employees, and 70% expect to rely less on freelancers and contractors. This trend is expected to lower costs and reduce the human resource demands on companies, though it also highlights a precarious future for workers in roles vulnerable to automation.

In addition to cost reduction, businesses expect AI to enhance operational efficiencies across various functions, including marketing and customer relations. Approximately 67% predict that AI tools will produce over half of their content soon, and 60% believe AI will become the primary interaction point for customers. Moreover, thanks to AI, 76% anticipate quicker and more accurate customer insights.

Strengthening cybersecurity through AI

On a broader scale, 65% of respondents are confident that AI tools can streamline their cybersecurity needs, reducing reliance on human security teams or third-party services. Given Japan’s acute shortage of cybersecurity professionals, integrating AI for automated threat detection and response is seen as essential for enhancing security across all business sizes.

Most organizations recognize the need for external assistance to fully leverage AI for business benefits. A significant majority of businesses surveyed—76%—indicate the necessity of partners for researching and exploring AI. The same proportion (77%) seek help with implementing AI solutions and managing these technologies on an ongoing basis. Security vendors and managed service providers in Japan are well-positioned to help smaller businesses exploit AI’s advantages.

The release of ChatGPT by OpenAI in November 2022 showcased the capabilities of generative AI tools in creating natural, engaging dialogues. Despite widespread attention, businesses exhibit cautious engagement with generative AI. Awareness does not equate to comprehensive understanding; 56% grasp the distinctions between generative AI and other AI types like machine learning, while 44% admit to limited or no understanding. Consequently, many Japanese companies impose restrictions on AI use due to potential risks.

Approximately 69% of businesses perceive risks with workplace generative AI usage. While 18% permit its use—6% broadly and 12% in limited team settings—62% do not officially sanction it, suggesting covert use that may heighten security risks. Concerns also include data protection (57% of respondents), the absence of regulatory frameworks (47%), and opaque AI decision processes (31%). Additionally, 13% fear AI systems being compromised by cyber attackers.

Risks of using generative AI

Risks of using generative AI (Source – Barracuda)

AI and cyber threat evolution

There’s notable uncertainty about AI’s role in evolving cyber threats. About 55% of businesses are unsure how AI could be utilized in email attacks, with similar uncertainty extending to denial-of-service (62%), malware (57%), API attacks (56%), and cyber espionage (55%).

Despite these uncertainties, email threats remain a prominent concern for Japanese small businesses, with 53% highlighting account takeover attacks as a top threat. This form of identity theft allows attackers to misuse accounts, potentially leading to phishing scams, data theft, and more. Other significant threats include phishing and social engineering (37%), with ransomware also critical (39% reported it as a top concern, predominantly initiated via email).

Cyber threats concerning businesses in Japan

Cyber threats concerning businesses in Japan (Source – Barracuda)

Survey participants generally understand the role of AI in fortifying cyber defenses, especially in areas like email security and employee cybersecurity training. However, there’s some ambiguity about AI’s effectiveness in other domains, possibly due to these areas being less familiar to smaller enterprises.

When asked which AI-enhanced security measures would improve their organizational safety, 36% pointed to AI-enhanced email security, especially against sophisticated threats like deepfakes. Another 24% believed AI could support more tailored, frequent training programs. The benefits of AI in continuous threat intelligence and response, as performed by Security Operations Centers (SOCs), were not as clearly understood.

The survey reveals a deficiency in AI-specific practices and policies needed for responsible AI usage. While 52% of businesses conduct employee training on AI use and vulnerabilities, only 35% have formal policies dictating AI usage. Even fewer have comprehensive governance structures in place, such as legal frameworks. This indicates a lack of control and management over AI applications within businesses.

The latest ICS2 Cybersecurity Workforce Study shows that Japan has nearly half a million cybersecurity professionals, a notable 23.8% increase from the previous year, contrasting with a global average of 8.7%. Despite this growth, the demand far exceeds supply, with a shortage of 110,254 professionals, marking a 97.6% increase year-over-year — significantly higher than the global average of 12.6%. This gap is unprecedented compared to other nations evaluated in the ICS2 study.

This macro perspective mirrors smaller businesses’ daily challenges, particularly with AI-driven cyber threats.

Makoto Suzuki, Regional Sales Director for Japan at Barracuda, highlights the survey’s findings: Japanese SMBs recognize AI’s benefits for enhancing business productivity but remain cautious about the cyber threats it poses. Suzuki notes, “This could hold businesses back from harnessing the full potential of AI to revolutionize business performance and competitiveness by optimizing processes, reducing costs, improving quality, and providing new insights and ideas.”