A recent survey revealed that ransomware remains CISOs’ (Chief Information Security Officers) top concern, even though the severity of AI-powered cyberattacks is still rising.
The largest threat to organisations, according to a survey by ClubCISO and Telstra Purple, is ransomware attacks (67%), which are higher than software vulnerabilities (59%) and software supply chain/third-party risks (64%).
Although CISOs are starting to notice AI-powered cyberattacks, they are not yet pressing a need for a shift in focus because the cost of having data encrypted or stolen is still the main concern, especially given the steadily rising ransom demands.
Genuine Threat Or Just A Precaution?
Though they don’t currently rank highly on the threat list, three out of five (62%) of CISOs think that the security industry is not prepared to handle these kinds of attacks, and that there is a critical or high risk that an AI-powered cyberattack will have a major impact on their company (63%).
However, over three-quarters (77%) of respondents said that AI has not led to an increase in their cybersecurity budget, indicating that this worry is not being reflected in cybersecurity spending.
Although some teams are responding to this concern in different ways, for example, by hiring new employees, just 6% of CISOs are looking for candidates with experience in AI threat assessments, and 7% are looking for candidates with experience using AI as a defensive tool.
“Our member survey highlights that, in contrast to some of the reporting we’ve seen around AI, CISOs are taking a measured, wait-and-see approach before making any significant investment decisions. While AI has the potential to augment a range of attack tactics, such as creating more compelling social engineering attacks, CISOs are clearly more concerned with threats as they stand today,” Rob Robinson, Head of Telstra Purple EMEA, said, while commenting on the survey results, as reported by the Techradar.
“We’ve seen CISOs evolve to become strategic conductors, rather than technology and domain experts, in the past few years. The emergence of AI and the threat it poses are clearly being balanced with a range of technology, skills, risk, and macro-economic factors,” he concluded.