CISOs turn to generative AI to cover skills gaps

A new report finds 86 percent CISOs are turning to generative AI in order to alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic.

The study from Splunk shows 35 percent are using generative AI for positive security applications and 61 percent say they will likely use it within the next 12 months. On the other side of the coin 70 percent believe that generative AI could give cyber adversaries more opportunities to commit attacks

"The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions," says Jason Lee, CISO at Splunk. "These relationships will give CISOs the opportunity to become champions who can effectively change the security culture of their organization and lead teams to become more cross-collaborative and resilient. By communicating key security metrics CISOs are also able to guide the board on the emerging technologies companies should adopt, such as generative AI, to help organizations improve cyber defense management and prepare for the future."

The report also reveals that 90 percent of respondents report that their organization has experienced at least one disruptive attack last year. Numerous industries experienced ransomware attacks that significantly impacted their systems and business operations, including financial services (59 percent), retail (59 percent) and healthcare (52 percent).

More worrying is that 83 percent of organizations paid the attackers in the wake of a ransomware attack and more than half paid at least $100,000. Retail is the industry most likely to pay the ransom, with 95 percent of those reporting that they either paid directly, through cyber insurance or a third party. CISOs point to lack of visibility into systems -- with cloud and application security gaps as their biggest weaknesses.

A large majority agree that tool sprawl is a major concern, likely compounding existing visibility issues. 88 percent of respondents say that they see a need to rein in security analysis and operations tools with solutions like security orchestration, automation and response (SOAR), security information and event management (SIEM) and threat intelligence, to address the issue of tool sprawl and complexity. CISOs are looking to decrease the number of tools they use, and simplify processes with automation.

You can read more on the Splunk site.

Image Credit: agsandrew / depositphotos.com