Increased scrutiny and liability fears are personally impacting CISOs, as many take legal steps to protect themselves
The survey found that 70% of CISOs’ budgets increased in 2024 compared to 2023, and revealed new insights into a number of cybersecurity trends specifically relating to AI threats and solutions:
- AI-powered attacks: 75% of respondents said phishing attacks pose the greatest AI-powered threat to their organization, while 56% said deepfake-enhanced fraud (voice or video) poses the greatest threat.
- Defending AI systems: ‘Lack of expertise’ (58%) and ‘Balancing security with usability’ (56%) are the two main challenges organizations face when defending AI systems.
- Addressing future AI-related security threats: 41% of CISOs expect to explore purchasing solutions for managing the AI development lifecycle within the next 1-2 years. Additionally, many CISOs are prioritizing solutions for third-party AI application data privacy (36%) and tools to discover and map Shadow AI usage (33%).
- Data protection tops issues not adequately addressed by existing solutions: CISOs identify several critical data security concerns that currently lack adequate solutions – insider threats and next-gen DLP (65%), third-party risk management (46%), AI application security (43%), human identity management (40%), and security executive dashboards (40%).
“Recent technological advancements have rapidly transformed the threat landscape, and CISOs are responding. As companies evolve from using third-party AI tools to developing their own AI applications, securing AI development pipelines and data infrastructure has become a priority. At the same time, AI also introduces new, novel risks, such as deepfakes and social engineering, which are unfamiliar territory for CISOs. Balancing these emerging threats with ongoing issues like identity and third-party risk management will be a critical challenge in the coming years,” said Amir Zilberstein, Managing Partner at Team8 and co-founder of Claroty.
The survey found that 54% of CISOs reported that their personal well-being has been impacted due to concern about liability, while 32% have actively taken steps to mitigate personal legal risk, through actions such as seeking legal counsel, purchasing additional insurance or adjusting their contract. Meanwhile, 54% report experiencing significantly tighter scrutiny from their superiors over the past year despite their budgets and scope increasing.
“The latest SEC rulings and rising liability pressures have pushed CISOs into new and complex territory, intensifying both the legal and emotional challenges they must navigate,” said Ross Young, CISO in Residence at Team8. “This pivotal shift carries far-reaching consequences – not only for the well-being of CISOs but for the security and resilience of organizations globally. With AI-driven threats on the rise, the CISOs who excel will be those who can adeptly manage these mounting pressures while staying focused on the critical mission of protecting against an ever-evolving threat landscape.”
Speaking on the survey results, Alvaro Garrido, Interim Group Chief Information Officer (CIO) at Standard Chartered, said, “With threats like phishing and deepfakes on the rise, we can implement solutions that protect sensitive data and build trust with our stakeholders. By prioritizing human identity verification and embracing new technologies, we can turn these regulatory pressures into catalysts for positive changes, creating a resilient cyber security framework that not only safeguards our Bank and the financial community as a whole, but also inspires confidence and collaboration within our teams.”