The Future CISO

22nd Oct, 2024

Pressure on businesses to rapidly integrate AI is increasing risks of cyber attacks and data breaches

Gemserv’s CISO report, now in its second year*, has uncovered a lack of confidence amongst CISOs about the business understanding of the risks and impact of AI on data security.

Gemserv’s Director of Cyber and Privacy Mandeep Thandi said:

Organisations are under significant pressure to innovate, particularly in accelerating AI integration. The rapid pace of these rollouts is causing concern among CISOs, many of whom believe that the security risks are not fully understood by the business.

Confidence among CISOs in managing cyber threats remains low, with expectations of increased volume and sophistication of cyber attacks. Transformational technologies like cloud computing and GAI can expand an organisation’s attack surface, thereby increasing vulnerability to cyber threats.

The report has been compiled after Gemserv’s second annual survey of CISOs at 200 large UK & EU enterprises, across a range of sectors including financial services, energy, retail, IT and manufacturing.

Read our 2024 The Future of CISO report.

The key recommendations include:

  1. Create a business case for cyber security investment based on the direct and indirect costs of a successful attack (ransom fees, damage to share price, reputational damage, cost of downtime, cost of repair).
  2. Consider investment in three core areas: Generative AI (GAI) defence technology, to proactively counter emerging GAI-driven cyber threats; specialised Cyber Threat Intelligence software to enhance the prediction and prevention of the majority of cyberattacks by leveraging data-driven insights and real-time threat analysis; and automated incident response tools to mitigate the impact of attacks by quickly identifying and neutralising potential threats based on historical attack data and predictive models.
  3. Routinely review business continuity and attack response plans at board level, whilst making continual investment in building a security-conscious culture through the organisation, backed up by habit-forming training and a zero-trust approach to all new technology.
  4. Provide CISOs with an emergency budget to access in the event of attack, as well as flexibility to review investments and change course during the year as the threat landscape changes.
  5. Involve CISOs in all technology procurement processes, ensuring vendors are only selected if they meet specific security thresholds, and that any third-party technology is continually monitored to ensure it maintains the standards.

 

*Review our 2023 CISO report

LEVEL OF UNDERSTANDING ACROSS ORGANISATION

  • 48% of CISOs rated their board’s understanding of cyber risk as excellent. Only 38% rated employees’ understanding as excellent within their organisation.
  • This disparity reveals a gap in cybersecurity awareness across the broader workforce, which may pose serious risks to organisational security.
  • What is driving this gap in organisational cyber security understanding?
  • What can CISOs do now to close the knowledge gap and mitigate cyber risk?

CYBER SECURITY LANDSCAPE

  • 38% of UK- and Europe-based CISOs express concern over having sufficient resources to combat cyber and privacy threats over the next 12 months.
  • A further 45% of CISOs said they cannot recruit and retain the right talent for their teams.
  • As cyber risks continue to evolve, CISOs are grappling with both technological advancements and emerging attack vectors, which demand a higher level of preparedness. But what is driving this rising complexity, and why is resourcing such a significant challenge?

GEN AI: UNLOCKING THE VALUE OF DATA

  • 72% of large enterprises are actively rolling out AI technology in customer-facing services and products.
  • 37% of CISOs lack confidence that the business has fully understood the associated risks and impact on data security.
  • There is marked room for improvement, especially as AI tools are now being rolled out and used with real personal data. How can CISOs educate their organisations on the data security impacts?

THE REALITY OF CYBER RISK

  • 88% of CISOs expect the cyber threat landscape to become even more challenging over the next 12 months.
  • A further 32% anticipate a significant rise in complexity.
  • As cyber threats continue to evolve at an alarming pace, CISOs are at the forefront of defending their organisations against an increasingly sophisticated and complex threat landscape. What’s driving this rise in complexity?

Authors

Mandeep Thandi

Director of Cyber & Privacy

Camilla Winlo

Head of Data Privacy

Ian Davis

Head of Information Security

Ian Hirst

Partner, Cyber Threat Services

Ian Rutland

Head of Cyber Security
