Pressure on businesses to rapidly integrate AI is increasing risks of cyber attacks and data breaches
Gemserv’s CISO report, now in its second year*, has uncovered a lack of confidence amongst CISOs about the business’s understanding of the risks and impact of AI on data security.
Gemserv’s Director of Cyber and Privacy Mandeep Thandi said:
Organisations are under significant pressure to innovate, particularly in accelerating AI integration. The rapid pace of these rollouts is causing concern among CISOs, many of whom believe that the security risks are not fully understood by the business.
Confidence among CISOs in managing cyber threats remains low, with expectations of increased volume and sophistication of cyber attacks. Transformational technologies like cloud computing and GAI can expand an organisation’s attack surface, thereby increasing vulnerability to cyber threats.
The report has been compiled after Gemserv’s second annual survey of Chief Information Security Officers (CISOs) at 200 large UK & EU enterprises, across a range of sectors including financial services, energy, retail, IT and manufacturing.
Read our 2024 The Future of CISO report.
The key recommendations include:
- Create a business case for cyber security investment based on the direct and indirect costs of a successful attack (ransom fees, damage to share price, reputational damage, cost of downtime, cost of repair).
- Consider investment in three core areas: Generative AI (GAI) defence technology, to proactively counter emerging GAI-driven cyber threats; specialised Cyber Threat Intelligence software to enhance the prediction and prevention of the majority of cyberattacks by leveraging data-driven insights and real-time threat analysis; and automated incident response tools to mitigate the impact of attacks by quickly identifying and neutralising potential threats based on historical attack data and predictive models.
- Routinely review business continuity and attack response plans at board level, whilst making continual investment in building a security-conscious culture through the organisation, backed up by habit-forming training and a zero-trust approach to all new technology.
- Provide CISOs with an emergency budget to access in the event of attack, as well as flexibility to review investments and change course during the year as the threat landscape changes.
- Involve CISOs in all technology procurement processes, ensuring vendors are only selected if they meet specific security thresholds, and that any third-party technology is continually monitored to ensure it maintains the standards.
LEVEL OF UNDERSTANDING ACROSS ORGANISATION
- 48% of CISOs rated their board’s understanding of cyber risk as excellent. Only 38% rated employees’ understanding as excellent within their organisation.
- This disparity reveals a gap in cybersecurity awareness across the broader workforce, which may pose serious risks to organisational security.
- What is driving this gap in organisational cyber security understanding?
- What can CISOs do now to close the knowledge gap and mitigate cyber risk?
CYBER SECURITY LANDSCAPE
- 38% of UK- and Europe-based CISOs express concern over having sufficient resources to combat cyber and privacy threats over the next 12 months.
- A further 45% of CISOs said they cannot recruit and retain the right talent for their teams.
- As cyber risks continue to evolve, CISOs are grappling with both technological advancements and emerging attack vectors, which demand a higher level of preparedness. But what is driving this rising complexity, and why is resourcing such a significant challenge?
GEN AI: UNLOCKING THE VALUE OF DATA
- 72% of large enterprises are actively rolling out AI technology in customer-facing services and products.
- 37% of CISOs lack confidence that the business has fully understood the associated risks and impact on data security.
- There is marked room for improvement, especially as AI tools are now being rolled out and used with real personal data. How can CISOs educate their organisations on the data security impacts?
THE REALITY OF CYBER RISK
- 88% of CISOs expect the cyber threat landscape to become even more challenging over the next 12 months.
- A further 32% anticipate a significant rise in complexity.
- As cyber threats continue to evolve at an alarming pace, CISOs are at the forefront of defending their organisations against an increasingly sophisticated and complex threat landscape. What’s driving this rise in complexity?