CISOs in the US and the UK are becoming increasingly worried about the potential for security breaches caused by generative AI technologies, according to a recent survey conducted by Metomic. The research, which gathered the opinions of around 400 CISOs, revealed that data breaches are a growing concern across various industries, with 72% of respondents expressing worry about this new threat.
The survey findings highlight that data breaches continue to be the most significant security issue, with the number of breaches skyrocketing over the past year. In the US alone, data breaches reached a record high in 2023, with 3,205 incidents reported compared to 1,802 the previous year. The financial impact is also staggering, as the average cost of a health data breach in the US is estimated to be around $9.48 million.
While concerns about the influence of AI and other emerging technologies on corporate security are rising, the risks of data leaks are decreasing. US and British information security managers are combining their fears about AI advancements and technological innovations. However, UK respondents are particularly focused on the threat of phishing schemes.
The survey results reveal that CISOs are prioritizing security operations and training. An overwhelming majority (84%) of respondents consider increasing their capabilities in security operations as a top priority for 2024. Strategic planning initiatives also rank high on their agenda, with approximately 79% leaning towards implementing a plan that includes security upgrades and staff training.
The survey also indicates that most applications are supported by software as a service (SaaS), with 36% of US CISOs managing 200 or more business processes with SaaS platforms. This trend underscores the importance of securing and monitoring SaaS platforms, as many businesses heavily rely on them.
Maintaining a strong security culture is a key focus for CISOs, although they face challenges in developing and sustaining effective security cultures. More than 50% of survey respondents have experienced malware or phishing attacks, either sporadically or regularly. Continuous security awareness and training are also seen as major challenges, with 41% of US CISOs and 34% of UK CISOs highlighting this issue.
In response to these difficulties, 59% of CISOs in both regions anticipate spending more time on security operations, risk management, and training activities. Rich Vibert, co-founder and CEO of Metomic, emphasized the complexity of modern CISO roles and the need for security leaders to formulate effective policies based on the survey’s findings.
The report sheds light on CISOs’ concerns regarding the increasing risk posed by generative AI to security issues. It underscores the importance of strengthening information security across operational processes, strategic planning, and education. CISOs must adopt various approaches and enhance their expertise to protect against evolving cyber threats using modern technologies and SaaS platforms.