AI Poses Challenges, Opportunities for IT Security Leaders

As cybersecurity threats surge, organizations are keen to deploy AI for new revenue growth and productivity initiatives, while threat actors ramp up generative AI-powered attacks, according to a PwC report.

Nearly three-quarters of organizations plan to use generative AI for cybersecurity defense in the next 12 months, while most respondents (52%) agreed that generative AI will lead to “catastrophic cyberattacks” within the next year.

The survey also revealed a discrepancy between the top 5% of companies, which are poised to handle the escalating threat landscape, and the rest of the organizations surveyed.

PwC called the top 5% the “stewards of digital trust” because they’re regularly optimizing and improving their resilience actions, they’ve implemented agile cybersecurity risk management programs and they are already realizing their benefits.

They are also more likely to be very satisfied with their current technology capabilities in key cybersecurity areas.

They’re less likely to be concerned about catastrophic generative AI cyberattacks, and they are optimizing and regularly reassessing their cloud strategy.

“As breaches become more common and more costly, it is a bit surprising that so many companies are still struggling with the basics,” says Joe Nocera, PwC partner leader, cyber risk and regulatory marketing.

He added that another surprising finding—and a step in the right direction—is that even during a year of belt-tightening across the board, 79% of companies planned to increase cybersecurity spending.

“That should help many organizations build up their resilience tactics and the overall effectiveness of their cybersecurity risk management programs,” he said. “Hopefully, next year, there will be far more companies that are considered ‘stewards of digital trust’ as they make these investments.”

From his perspective, the key to a strong cybersecurity defense is collaboration across the entire C-suite with all key stakeholders.

“Specifically, it’s the role of the CISO and CIO to put security at the epicenter of innovation for the organization and to clearly communicate their strategy and tactics to the rest of the organization,” he said.

No matter what the CISO or CIO recommends—whether that be new investments, tools and technologies, including AI for defense—they’re the ones who are meant to shepherd these strategies.

“That said, when it comes to leveraging AI responsibly and creating agile, responsive, security-first cybersecurity risk management programs that can evolve with the changing threat landscape—everyone in the organization has to buy in,” he added. “Collaboration is key.”

Nocera pointed out that leveraging generative AI for defense is just another way to build up a cybersecurity risk management program.

“With proper governance, generative AI can be used effectively for faster and better threat detection and analysis, cybersecurity risk and incident reporting and adaptive controls,” Nocera explained.

He said it’s also important to keep in mind that the business executives who plan to use generative AI for cybersecurity defense are not as concerned about its potential as a catastrophic threat, likely because they understand the benefits it unlocks and are prioritizing its responsible use.

“In other words, they’re taking advantage of it in the safest way possible,” he said.

The bottom line is this: Apart from the top 5% of companies, most organizations still have a lot of room for improvement when it comes to their cybersecurity risk management programs.

“As they continue to build upon their programs, address escalating cloud risks, make investments in tools, tech and talent to strengthen their programs and continue working in harmony across the C-suite to keep cybersecurity a priority for the organization, they too will likely start seeing generative AI as less of a threat and more of a strategic advantage,” Nocera noted.

He admitted that the evolution of AI is changing the threat landscape by lowering barriers to entry for threat actors, and that it can rapidly design and iterate attack methods that will pose a significant challenge to current security measures.

“This means that the lifespan and effectiveness of existing defenses may be shortened, requiring constant adaptation and investment in new security solutions,” Nocera said. “Preparedness and resilience are not static—they need to be agile to keep pace with the continually evolving threat landscape we’re up against.”

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
