AI-based cyber attacks are surging, and calls are growing for a fundamental change in how corporate leaders respond.

Harvard Business Review's online edition, citing IBM research on April 7, said cyber attacks targeting externally accessible software and system applications rose 44 percent in a year. Many were linked to AI-based exploitation of vulnerabilities.

The average cost of an AI-based data breach stands at $4.88 million. An Accenture survey found 77 percent of companies do not have basic data and AI security systems needed to protect core technology infrastructure.

Hise O. Gibson (하이즈 O. 깁슨), a retired soldier and an instructor in the Technology and Operations Management unit at Harvard Business School, said the VUCA framework of volatility, uncertainty, complexity and ambiguity is no longer valid in the AI era. He said new leadership is needed for a BANI environment of brittleness, anxiety, nonlinearity and incomprehensibility.

AI attacks do not follow predictable patterns, spread faster than humans and occur without warning signs, he said. He added that an ACTS leadership framework is needed to overcome them.

The core is to assume breaches are inevitable, cultivate AI understanding at all leadership levels, tie AI investment to core business and strengthen governance.

He cited real-world cases. During the 2017 NotPetya malware attack, FedEx minimised damage thanks to prior training, while MGM Resorts suffered about $100 million in lost revenue in a ransomware attack that began with a 10-minute phone scam in 2023. Gibson said the cause was not technical failure but a lack of leadership readiness.