The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to Trellix.
GenAI’s impact on CISO responsibility
GenAI has rolled out at an immense speed, presenting a challenge for CISOs to secure critical data within their organizations.
“GenAI and AI have the potential to both disrupt and enhance security operations. As the acting gatekeepers – CISOs are under immense pressure,” said Harold Rivas, CISO, Trellix. “The CISO role is vital to the organization’s health. Navigating how to embrace AI while supporting the professionals leading our cyber defenses is mission-critical for all organizations and national security.”
The democratization of GenAI means it can be used by professionals at every skill level, bringing with it a range of benefits as well as potential risks and challenges. This same democratization makes GenAI capabilities easy to access and economical for malicious cyber actors. The role of the CISO has become even more essential as they’re looked upon to navigate this evolving landscape.
76% of CISOs already use GenAI in their organizations, with most of the remaining 24% planning to. 70% currently use traditional AI, with 26% reporting they plan to do so in the next 12 months, with the most common applications being predictive analytics software and natural language processing (NLP) tools.
CISO’s know GenAI has the power to revolutionize how organizations operate. 100% of respondents from organizations already using GenAI believe it is enhancing/augmenting cybersecurity processes and/or technologies.
Balancing risks and opportunities
With cyberattacks on the rise, AI pressures mounting, and responsibilities growing, it’s no surprise 90% of CISOs find themselves under increased pressure. Keeping pace with AI and GenAI is vital, and almost all respondents said their organizations could do more.
Increased risk is balanced with the recognized potential for GenAI to better strengthen and prepare their own cybersecurity measures, with 91% of CISOs expressing excitement over the prospects and opportunities. Paving the way for success, almost half of CISOs surveyed are already working to secure their AI tools, with 45% developing an AI committee to review AI tools as well as implementing governance, including security frameworks and standards.
AI can offer significant advantages, but 99.8% CISOs surveyed believe there are multiple areas which require greater levels of regulation, particularly surrounding data privacy and protection and ethical use.
CISOs are already noticing these threats and gaps within their organizations, with 62% of respondents agreeing they don’t have full confidence in their organization’s workforce to successfully identify cyberattacks incorporating GenAI. This is especially concerning, considering 99% of respondents reported experiencing a cyberattack in the last six months, with 82% experiencing an overall increase in cyberattacks. Primary concerns relate to the speed, frequency, and scale of cyberattacks GenAI will enable.
There is also increasing liability with the CISO role, with high-profile cyber breaches becoming a part of the daily news cycle, heightening the public profile of CISOs and, in turn, placing them under intense scrutiny. The introduction of AI and GenAI into these organizations has also brought increased scrutiny of CISOs, and 90% of respondents agree it has exposed them to increased liability in their role.
89% of CISOs agree adopting and integrating GenAI tools will help address security operations staffing issues within their organization. CISOs also all agreed any redundancies as a result of GenAI would be repurposed within the organization focused on managing and overseeing GenAI tools.
Current demanding workloads see 91% of CISOs expressing they don’t have enough time to focus on the threat of these technologies.
On average, CISOs believe GenAI has or could improve the productivity of their organization’s workforce by 38%.
Future of the CISO role
The changing regulatory landscape around AI and the commercial adoption of GenAI brings into question how well-equipped CISOs and their organizations are to adapt to these shifting policies and external factors. Overall, 97% of respondents are concerned about the shifting regulations over the use of AI, with one of the primary areas of concern being the use of AI to embolden nation-states to plant advanced persistent threats (APTs) within their infrastructure.
92% of CISOs expressed AI and GenAI have made them contemplate their future in the role, bringing into serious question how policy and regulation need to adapt to bolster the role of the CISO and enable organizations to secure their systems effectively. The primary driver of increased stress levels is the cybersecurity skills gaps and the need to recruit new employees with AI experience and knowledge (48%), and 38% of CISOs reported increased stress levels over the requirement to train current employees on AI.
“CISOs’ concerns over shifting AI regulations have them asking policymakers for greater regulation around its use, with nearly all agreeing it’s needed in the next six months,” said James Lewis, SVP, Pritzker Chair, and Director, Strategic Technologies Program, CSIS. “This isn’t surprising given the inherent risks and current potential for increased exposure and liability in their role. There needs to be clear regulatory rules and compliance standards applicable across industries to help enable CISOs and their organizations to develop scalable solutions for global adoption.”