A majority of Chief Information Security Officers (CISOs) in the U.S. are apprehensive about the potential security breaches that could arise from the adoption of generative AI technologies, according to a newly released report by data security firm Metomic. The survey, which encompassed over 400 CISOs from both the U.S. and the UK, aimed to shed light on the evolving landscape of cybersecurity challenges and the proactive measures being prioritized by these security leaders in 2024.
The findings indicate that data breaches continue to pose the gravest threat across various sectors, with industries such as healthcare, finance, and manufacturing experiencing a sharp increase in incidents. Reports indicate that U.S. companies witnessed a staggering 3,205 data breaches in the previous year, marking a significant rise from 1,802 incidents in 2022. The financial repercussions are equally alarming, with the average cost of a data breach in the U.S. escalating to $9.48 million in 2023.
This uptick in breaches has invariably placed data security as the paramount concern among CISOs in both surveyed nations. However, while U.S. CISOs are particularly worried about the implications of AI and emerging technologies following closely behind data breaches, their UK counterparts are more concerned with phishing schemes and compromised accounts. Notably, 72% of U.S. CISOs expressed specific concerns regarding the security vulnerabilities linked to generative AI solutions, fearing that sensitive company data could be exploited to train the large language models (LLMs) that power these technologies.
According to Metomic’s survey, there is a consensus among CISOs on the need to dedicate more time and resources to security operations, with 84% planning to focus primarily on this area in 2024. Strategy and planning, along with security awareness and training, also rank high on their agendas. Interestingly, the use of SaaS applications is extensive, with 36% of U.S. CISOs reporting that their organizations utilize over 200 different SaaS apps to facilitate business operations.
Adoption of AI-powered Tools
The challenges of maintaining a robust security culture are felt across the Board, with 41% of U.S. CISOs and 34% of UK CISOs citing it as a top hurdle. Despite these challenges, there is a positive note as the majority of respondents believe that their organizations conduct sufficient security training, with 93% confident in their employees’ awareness levels regarding the handling of sensitive data.
The adoption of AI-powered tools to combat AI-based security threats is on the rise, with four-fifths of the surveyed CISOs planning to implement such technologies. This is indicative of the growing recognition of AI’s dual role as both a potential threat and a vital tool in the cybersecurity arsenal.
Metomic’s CEO, Rich Vibert, emphasized the multitude of challenges faced by today’s CISOs, from safeguarding data against breaches to managing IT budgets and monitoring the sprawling SaaS environments. The survey was conducted not just to gather data but to provide a resource to help CISOs in crafting and refining their data security policies.
The report also highlights a critical vulnerability concerning the proliferation of SaaS applications – the more applications a business uses, the greater the potential for data breaches, primarily due to human error. Metomic‘s analysis of over 6.5 million Google Drives uncovered that 40% contained sensitive data at risk of exposure.
