CISOs worry about gen AI leading to security breaches

A new survey of more than 400 CISOs in the US and UK reveals that 72 percent are concerned about security breaches related to generative AI.

The study from Metomic finds that CISOs from both the US and UK rank data breaches as their top security concern. Data breaches are continuing to surge across industries, but particularly for healthcare, finance, and manufacturing organizations. According to industry reports, US companies experienced 3,205 data breaches last year (up from 1,802 in 2022), with the average cost of a data breach in the US climbing to $9.48 million in 2023.

In the US AI and emerging tech follow data breaches as a top concern, while in the UK it's phishing schemes and compromised accounts. The survey reveals that 84 percent of CISOs plan to focus their time and efforts on security operations in 2024, followed by strategy and planning initiatives (82 percent), and security awareness and training (79 percent). 36 percent of CISOs in the US report their organization uses more than 200 SaaS applications to run the business.

"Our research makes clear just how many challenges today's CISOs are up against. In addition to protecting their organization against data security threats, they are prioritizing security operations and implementing training programs while trying to build a security-focused culture across the organization. They are overseeing IT budgets, monitoring SaaS environments, and calculating the impact of AI on their security efforts. It's an exhaustive list that is becoming increasingly more difficult to manage," says Rich Vibert, co-founder and CEO of Metomic. "As part of the cybersecurity community, we conducted this survey to offer security leaders a helpful resource when building their own data security policies. Being a CISO can feel extremely isolating, especially when it's your job to manage the very tools your business uses to keep things moving forward. Metomic exists so that we can help CISOs better monitor their systems and networks by adding an extra layer of protection across their SaaS ecosystems."

Among other findings more than half of survey respondents confirmed they have already experienced malware and phishing attacks on an occasional or frequent basis. Creating and maintaining a strong security culture and awareness is a top challenge for both US (41 percent) and UK CISOs (34 percent). Nearly 60 percent of CISOs in both the UK and US say they should be spending more time on security ops, security awareness and training, and risk management.

The full report is available from the Metomic site.

Image credit: khosrork/depositphotos.com