The State of AI for Businesses: Top Strategies and Risk Concerns


The State of AI for Businesses: Top Strategies and Risk Concerns

If you’re like us, you’ll probably have to admit that when generative AI first hit the scene, you used it mostly for tasks like writing hip-hop lyrics about business meetings in the style of Snoop Dogg or composing Shakespearean tragedies about the challenges of interdepartmental collaboration. But even those of us who first adopted generative AI with whimsy began to see very quickly just how powerful this new tool could be in the workplace.

The race is now on to strategically integrate generative AI and other AI tools in ways that allow businesses to keep up with and ideally outpace their competition. Already, 59% of businesses in the small to mid-sized class (i.e., < 1,000 employees) report that AI has made an impact on their business1.

Illustrating the primacy of AI in current business strategy, a recent study found that the #1 strategic initiative among small to mid-sized businesses for 2024 is to increase technology investments to automate and streamline operations2. In line with that focus, trends in AI use are beginning to emerge. These are the subject of the next section.

Top AI and Automation Strategies for 2024

Customer Service​

AI has already been a boon to customer service, with 63% of retail organizations now using some form of AI3. Use of AI can help businesses respond to customers more quickly, enhance personalization, and power greater efficiency in customer service. Chatbots are a common application of AI to customer service, providing 24/7 access to answers to common questions, product recommendations, and complaint resolution. Some businesses use AI to analyze customer feedback, allowing them to improve customer satisfaction and thereby build loyalty.


Another major area where AI can exert strategic leverage is operations. Businesses were quick to identify AI’s potential for improving their efficiency, productivity, and profitability, and over 40% of business leaders already report increased productivity through AI automation4. AI is being used by manufacturers to optimize production, to reduce costly waste, and to prevent profit-eroding downtime. AI can also help retailers to more accurately manage inventory, logistics, and delivery.

Data Analysis​

AI tools are also being used to support data analysis. AI can process and analyze large datasets to help businesses derive data-based insights and predictions, which support better decision making. For example, marketing departments are using AI to segment customers, forecast demand, and evaluate marketing campaign performance. Finance professionals are using AI to automate accounting processes and to detect fraud.

Product Development

AI is also showing promise in the area of product development. AI can help businesses with development of products and services that meet customer needs in innovative ways, enhancing competitive advantage. For example, AI can help product development teams to generate new ideas, to test prototypes, and to optimize features in alignment with customer expectations.

Human Resources

A business is only as good as its employees, and AI can help with this as well. Human resources departments are increasingly adopting AI to support their hiring and retention efforts. For example, AI can help to screen resumes to identify the best candidates for open positions, and it can even conduct interviews and evaluate candidates. AI can also support employee development and retention by helping managers to provide feedback, coaching, and training to employees.

Concerns About AI-Related Risk to Businesses

Although 62% of business leaders express excitement about AI’s potential, 30% report feelings of uncertainty and 10% are downright anxious5. A common concern relates to the potential risks of AI when used in the business context. In businesses with fewer than 1,000 employees, the top 3 concerns about AI are: (a) concerns about information security, (b) concerns about data privacy, and (c) unintended consequences6.

Concerns like these are well justified, as generative AI can pose serious risks without appropriate guard rails. Recommendations are:

AI Policy

It is well known among technology professionals that any use of shadow IT by employees poses a risk to data privacy and security. By “shadow IT,” we mean software and other technologies that are adopted by employees without the knowledge and approval of their company’s IT department. Beyond the risks created by shadow IT (e.g., ransomware attacks), generative AI can pose unique data privacy and security risks due to its use of input data to “learn.”

Because employees may input proprietary information, customer information, or employee information into generative AI tools, a clear AI policy is now a must-have for businesses. Before any use of generative AI for business purposes, a business should specify which AI platform(s) may be used, acceptable AI use, and unacceptable AI use.

Cybersecurity Assessment

Businesses that are uncertain of how integrating AI technologies into their infrastructure may impact security should consider obtaining a cybersecurity assessment from a qualified professional. A cybersecurity assessment helps businesses to better understand the state of their security posture, to identify any holes in their defenses, and to formulate strategies to patch any holes identified.

NexusTek is an early adopter of AI, offering expertise in risk management related to AI adoption, including AI policy and cybersecurity assessment.


Does your business need support to adopt AI tools effectively and securely?


  1. SMB Group. (2024, January 4). 2024 top 10 SMB technology trends.
  2. SMB Group. (2024, January 4). 2024 top 10 SMB technology trends.
  3. Hawley, M. (2023, October 2). 10 AI customer experience statistics you should know about. CMSWire.
  4. , Matleena. (2024, January 8). 27 AI statistics and trends in 2024. Hostinger Tutorials.
  5. (2024, January). Now decides next: Insights from the leading edge of generative AI adoption.
  6. SMB Group. (2024, January 4). 2024 top 10 SMB technology trends.

Share On Social


Cyber Risk & Your Supply Chain: Managing the Growing Threat


Cyber Risk & Your Supply Chain: Managing the Growing Threat

You’ve likely heard that employees are the top source of cyber risk for businesses. But when you imagine “employee error” resulting in a data breach at your company, does it occur to you that this might be one of your suppliers’ employees?

It could be. In fact, there is now a 70% chance that a cyberattack on one company was caused in some way by one of their suppliers1. Capitalizing on human error and a host of other vulnerabilities, threat actors increasingly exploit weak links in supply chains to gain access to bigger targets up the chain.

Understanding Supply Chain Cyber Risk

The increasingly digital nature of supply chain relationships has caused the associated cyber risks to skyrocket. Gartner predicts that by 2025, 45% of businesses will have experienced a cyberattack on their supply chain2. What this means is that your company’s own internal security practices are now only partial protection; a comprehensive security program must now include cyber risk management strategies that cover your supply chain.

But how to accomplish this? The National Institute of Standards and Technology (NIST) suggests that supply chain risk management involves “identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats”3. To create effective mitigation strategies, therefore, it is helpful to understand common attack vectors for supply chain attacks:

Credentials Theft: By using social engineering attacks (e.g., phishing, vishing), threat actors can trick employees into sharing their login credentials. Once a threat actor gains access to a supplier’s network using stolen credentials, they can leverage that access to infiltrate the target business’ network, circumventing its security defenses.

Software Infection: Threat actors may also use infected software to execute attacks—either by compromising the software development or the software distribution process—and inserting malicious code or backdoors into the software. This allows them to gain access to systems or networks of the software users, and steal data, disrupt operations, or cause damage.

Watering Hole Attack: A watering hole attack targets groups of organizations in a supply chain by injecting malicious code into websites that they commonly visit. The malicious code redirects users to a compromised website that hosts the threat actor’s malware. A watering hole attack is different from social engineering attacks, which trick users into clicking on malicious links or attachments. Instead, a watering hole attack takes advantage of users’ trust in the legitimate websites they usually visit.

Malware: Often introduced through attack vectors like those discussed above, malware may be used to further supply chain attacks. Threat actors may infect the devices or systems of one party in a supply chain, using malware to steal data or spy on activities that they use to infiltrate their end target in the supply chain. Supply chain attacks may also include denial of service attacks that knock a business offline or ransomware attacks that hold the victim’s data hostage until a ransom is paid.

How to Manage Supply Chain Security Risks

Clearly, the complexity of supply chains coupled with the complexity of today’s cyber threats make supply chain security risk management no easy feat. But with careful attention to component risk factors, a thorough and effective supply chain security risk management strategy is doable. Here are some essential pieces:

Policies: In the same ways that you establish and implement best practices and standards for cybersecurity for your own business (e.g., security awareness training, encryption, authentication, monitoring, backup, patching), your policies should also make explicit your security requirements for suppliers.

Risk Assessment: Conducting risk assessments will be instrumental in identifying potential vulnerabilities within your supply chain. Assessments allow you to determine which suppliers meet your security criteria and which need to improve their practices to remain a supplier.

Appropriate Access: Many supply chain attacks succeed because suppliers have been granted an unnecessary level of access to a partner’s network. Make sure each user only has the level of access necessary to fulfill their obligations as a supplier.

Training: Regular security awareness training for your own employees is definitely a must, but you may also consider offering suppliers training on your cybersecurity policies, procedures, and best practices.

Incident Response Planning: Your security program should be built around the assumption that a breach will occur, making incident response planning and testing a non-negotiable element of any supply chain security risk management strategy.

NexusTek helps businesses develop supply chain cyber risk management strategies through Virtual CIO (vCIO) consultation and to construct strong cyber defenses that protect others in their supply chain.

Would you like to speak to a cybersecurity expert about managing supply chain cyber risk?


  1. Robinson, P. (2023, August 2023). Why are supply chain attacks increasing? Cybersecurity Magazine.
  2. Moore, S. (2022, April 13). 7 top trends in cybersecurity for 2022. Gartner.
  3. (n.d.). Supply chain risk management.

5 Persistent Cloud Security Myths…and Why You Should Ignore Them


5 Persistent Cloud Security Myths…and Why You Should Ignore Them

Since the early days of the cloud, myths have abounded. Cloud security, in particular, is often misunderstood. To clear up the confusion, we will “bust” 5 common myths about cloud security.

Myth 1: 

Cloud Providers Automatically Include Security

One common myth is that cloud providers like Azure or AWS automatically come with full security. Cloud providers often do provide a secure infrastructure, but it is the customers’ responsibility to institute cybersecurity solutions to secure their own data within the cloud. This can include everything from setting up firewalls to establishing access controls, to bringing in an external cybersecurity provider.

Myth 2: 

The Cloud Is Less Secure Than On-Premises

Another persistent myth is that on-premises infrastructure is inherently more secure than cloud-based environments. The truth is that cloud providers invest heavily in cybersecurity of multiple forms. They also have dedicated security teams whose entire function is to protect their infrastructure. It is common for cloud providers to have more resources to invest in security than individual businesses.

Myth 3: 

Data Stored in the Cloud Is Always Secure

Another problematic misperception is that data is automatically secure once it’s in the cloud. Data security is complex. It depends on various factors like how it’s configured, who has access, and what security measures are in place. Businesses need to deploy their own security controls on top of the cloud provider’s infrastructure.

Myth 4: 

Public Cloud Has Weak Security

Some people grow concerned about public cloud infrastructure when they learn that it involves multi-tenancy, or sharing the same physical infrastructure with other users. But multi-tenancy is not inherently risky. Cloud providers can isolate one customer’s data and resources so that they are not accessible to other users. This is generally as secure as on-premises infrastructure, if not more so.

Myth 5: 

Cloud Environments Are Not Compliant

This myth has some basis in fact, as some cloud environments do not meet compliance requirements (e.g., HIPAA, GDPR, etc.). However, it is possible for cloud environments to be secured to meet stringent compliance requirements. It is important to find a cloud provider that understands your compliance requirements and is prepared to document data privacy and security conditions as required by your industry’s standards.

NexusTek provides compliance assessments, cloud hosting services in both single- and multi-tenant environments, and cybersecurity services and solutions to keep your cloud-based workloads secure.

Interested in learning more about cloud-based security? Talk with a cloud security expert today.