We live in a world of heightened geopolitical risks, from the conflicts in Russia-Ukraine and Israel-Hamas to precarious US-China relations and widespread economic slowdown. Against this backdrop, cyber attacks have become more sophisticated, severe and frequent, threatening the daily working of governments and their agencies, vital infrastructure such as healthcare services, and corporations of all sizes. The UK’s National Cyber Security Centre (NCSC) has reported that more than 7 million suspicious emails and websites alone were reported to authorities last year, equivalent to one every five seconds.
At the same time, more and more of our daily services and processes are being digitised, increasing their potential exposure to risk and demands for cyber resilience. More vital data and information is being gathered by more organisations and stored in the cloud. The growth in hybrid and flexible working in the wake of the pandemic is creating fresh challenges for organisations in maintaining cyber vigilance remotely.
The chief information security officer (CISO) has to respond to the challenges of this complex and fast-evolving environment, maintaining the security of nations, organisations and citizens. CISOs are working within a technological environment that is itself changing dramatically, with this year notably bringing a leap forward in artificial intelligence (AI) through the launch and uptake of the generative AI-powered language model ChatGPT. This field of innovation is bringing both opportunities and new cyber risks.
How can CISOs rise to the challenge that generative AI will bring? What will new regulations in AI and data protection bring? What can be done to understand and manage risks? How can defence be prioritised?
For the first time, Gemserv has commissioned a survey of CISOs to gauge their perceptions and experiences. Our survey looks at how well equipped CISOs felt to address their challenges – specifically those arising from AI innovation – and seeks to understand their expectations for the future.
SENTIMENT
Being asked to do more with less
Overall, CISOs were most positive about:
- Having sufficient resources to tackle the cyber security and privacy challenges they expect to face in the next twelve months.
- The EU AI Act and the UK Data Protection and Digital Information (DPDI) Bill supporting their organisations to grow and expand their services.
They were most negative about:
- Being asked to do ‘more with less’ over the next twelve months.
More than 1 in 5 CISOs were concerned about:
- Lack of senior leadership support.
- Having the necessary budget.
- Recruiting and retaining talent.
- Increasing complexity and challenge in the cyber threat landscape.
RISK MANAGEMENT
A mixed picture on resourcing
67% of CISOs expect to be asked to do more with less in the next 12 months, indicating that many can expect to be asked to find efficiency savings. At the same time, 36% said they are ‘Very Confident’ that they will have the resources they need to tackle cyber and privacy threats over the next 12 months, with a further 61% being ‘Somewhat Confident’.
Meeting these challenges requires professionals who are excellent at communicating clear, actionable, prioritised information to help CISOs act efficiently, cope with budget constraints and fill any gaps caused by staffing difficulties.
GENERATIVE AI
On the rise
The evolution and application of generative AI is anticipated to bring significant risks. When asked about the potential threats, 38% of survey respondents say they expect to see ‘Many More’ attacks using deep fake AI technologies over the next five years, with a further 45% expecting to see ‘Somewhat More’. In all, 83% of respondents expect generative AI to be implicated in more cyber attacks, but only 16% rate their organisation’s understanding of these tools as excellent.
But our respondents are nonetheless confident in their ability to protect data. When asked about their capability, 59% say they are doing a good job in controlling the risks associated with generative AI. An encouraging 72% say they have the support and backing of senior leadership – even if those leaders don’t always fully understand what they are supporting.
EMERGING THREATS
Being prepared
78% of CISOs believe the cyber threat landscape will become more complex and challenging over the next 12 months.
In a world where the cyber threat landscape is evolving significantly and good intelligence is essential, CISOs face challenges in responding: they expect their budgets to be under pressure and may find it difficult to recruit and retain the right talent. Choosing the right provider is important too – the 19% of CISOs who rate their cyber threat intelligence (CTI) providers as ‘Excellent’ at providing clear, prioritised and actionable intelligence are clearly already reaping the rewards.
NEW REGULATIONS
Welcome moves
We asked our CISOs whether they felt the UK DPDI Bill, designed to replace the General Data Protection Regulation (GDPR), and the EU AI Act would enable their organisations to grow and enhance their services.
- 28% ‘Strongly Agree’ that the laws will support their organisations.
- 54% ‘Somewhat Agree’.
- Only 3% disagreed, saying they did not think the laws would help their organisations.