CISOs not changing priorities in response to AI threats

A new report by ClubCISO in collaboration with Telstra Purple finds that despite significant concerns around the impact of AI cyberattacks, many organizations have not seen their priorities or investment plans change.

Of CISOs surveyed 63 percent rate the severity of the threat posed to their businesses by AI cyber-attacks as critical or high, with 63 percent also suggesting that AI cyberattacks will be extremely damaging to businesses.

This underscores the need for preparedness, as 62 percent agree that the industry is not equipped to deal with the threat. However, the emergence of AI has not altered the priorities of a significant chunk (40 percent) of respondents, and for more than three-quarters of respondents (77 percent), AI hasn't triggered an increase or decrease in cybersecurity spending.

Despite all the buzz around AI and a cybersecurity skills gap, only six percent of CISOs are hiring more staff with the skill set to recognize the signs of AI cyber-attacks and only seven percent are hiring staff with the skill set to use AI in a defensive role.

Of those who are already taking some precautionary action against the threat of AI cyber-attacks, 41 percent say they are training staff to recognize and defend against AI cyber-attacks, 31 percent are training staff to use AI in a defensive role and 30 percent say they have started investing in defensive AI technology.

Rob Robinson, head of Telstra Purple EMEA, stewards of the ClubCISO community, says:

Our member survey highlights that, in contrast to some of the reporting we've seen around AI, CISOs are taking a measured, wait and see approach before making any significant investment decisions. While AI has the potential to augment a range of attack tactics, such as creating more compelling social engineering attacks, CISOs are more concerned with threats as they stand today.

We've seen CISOs evolve to become strategic conductors, rather than technology and domain experts, in the past few years. The emergence of AI and the threat it poses are clearly being balanced with a range of technology, skills, risk, and macro-economic factors.

When asked to rank the severity of current threats to their organizations, ransomware comes out on top at 67 percent, suggesting it represents a severe or very severe threat. Software supply chain/third-party risk (64 percent) and software vulnerabilities (59 percent) come in second and third as the biggest threat to respondent organizations today, ahead of AI cyber-attacks.

Image credit: BiancoBlue/depositphotos.com