CEOs misunderstand AI cyber threat, exposing need for protective measures
The growing threat posed by artificial intelligence (AI) to cyber security, particularly the imminent rise of deep fake AI technologies, is largely misunderstood by CEOs, according to a new report.
The research, undertaken by OnePoll and cybersecurity consultancy Gemserv, suggests that not only is there a significant lack of understanding about AI's capabilities, but also an urgent need for investment into the necessary protective measures.
The report, "Through the Cyber Lens: The Evolving Future of Cyber Security," assesses the readiness of Chief Information Security Officers (CISOs) across the UK and Europe to confront these evolving challenges.
It found a gap in knowledge and information is emerging as the cyber threat landscape is predicted to become increasingly volatile – a situation likely to be made worse by current geopolitical tensions.
This research comes ahead of the first Global AI Safety Summit at Bletchley Park this week, following recent announcements by the UK Prime Minister. The study reveals that corporate systems must be upgraded now to combat more sophisticated AI-led cyber attacks.
The survey determined that 83% of respondents expect generative AI, which is capable of generating text, images, or other media using learnt patterns, to lead future cyber attacks. However, only 16% believe their organisations have adequate understanding of what advanced AI tools can do.
Director of Cyber and Privacy at Gemserv, Mandeep Thandi, emphasised the risks: "As the AI revolution transforms the landscape of cybersecurity, CISOs stand at the forefront of this change. AI is reshaping the contours of cyber defence by augmenting human capabilities, predicting threats, and fortifying organisations against the volatile cyber threat landscape."
With an increase in AI-related cyber risks, CISOs face significant challenges in securing sufficient resources to tackle them adequately. More than two-thirds (69%) of organisations lack access to either SIEM tooling or cyber threat intelligence, with 8% having neither. These factors are essential in forecasting and preparing for attacks.
Furthermore, the research indicates that 63% of CISOs feel that their senior leadership lacks a comprehensive understanding of the imminent cybersecurity and privacy threats. A joint total of 69% of European CISOs and 61% of UK CISOs report a deficit in cyber threat intelligence (CTI), thus obstructing their ability to prioritise budgets and inform boards about impending threats.
On the subject of CTI, Thandi stated, "CTI is vital for organisations as it provides proactive insights into potential cyber threats, enabling timely identification, risk assessment, and tailored defence strategies. It empowers organisations to stay ahead of adversaries, enhance incident response, and continuously improve their cybersecurity posture in the face of evolving cyber risk."
Looking forward, regulatory changes are set to provide some respite with the introduction of the EU's AI Act and the UK's Data Protection and Digital Information (DPDI) Bill. A significant 82% of CISOs believe these new regulations will support their organisations' growth and expansion of services. These regulations aim to manage risks and strengthen rules around data quality, transparency, human oversight, and accountability.
Overall, the study offering a sobering insight into the struggle of CISOs to safeguard digital landscapes against a surge of challenges. As threats evolve, the need for fortifying cybersecurity measures becomes more pressing, resulting in the urgent need to equip CISOs with the resources required to beef up defence systems.