A new survey has found that a CISOs main concern continues to be ransomware, despite AI cyber attacks continuing to increase in severity.
The survey, conducted by ClubCISO in collaboration with Telstra Purple, found that ransomware attacks (67%) ranks higher than both software supply chain/third-party risks (64%) and software vulnerabilities (59%) as the biggest threat to organizations.
While AI-powered cyber attacks are gradually making their way onto the CISO radar, they are not currently forcing a change of priority, as the focus remains on the costly consequences of having data stolen or encrypted, especially as ransoms demanded continue to rise to higher and higher levels.
Genuine threat or just a precaution?
But while AI-power cyber attacks aren’t high on the threat list just yet, 3 out of 5 (62%) of CISOs believe that the security industry is not ready to deal with such attacks, and that the risk of an AI-powered cyber attack having a significant effect on their business is at a critical or high level (63%).
This concern is not being reflected in cybersecurity spending however, with over three-quarters (77%) of respondents stating that AI has not prompted an increase in their budget. Some teams are reflecting this concern in other ways though, in the hiring of new staff, but this remains a minority with just 6% of CISOs searching for new hires with AI threat skill sets, and 7% looking for those with the skills to use AI as a defensive tool.
Commenting on the survey results, Rob Robinson, Head of Telstra Purple EMEA, said, “Our member survey highlights that, in contrast to some of the reporting we’ve seen around AI, CISOs are taking a measured, wait and see approach before making any significant investment decisions. While AI has the potential to augment a range of attack tactics, such as creating more compelling social engineering attacks, CISOs are clearly more concerned with threats as they stand today.”
“We’ve seen CISOs evolve to become strategic conductors, rather than technology and domain experts, in the past few years. The emergence of AI and the threat it poses are clearly being balanced with a range of technology, skills, risk, and macro-economic factors,” he concluded.
