16 Apr 2024

A new cybersecurity report by ClubCISO in collaboration with Telstra Purple finds that despite significant concerns around the impending impact of AI cyberattacks on respondent organisations, many have not seen their priorities or investment plans change.

The report, informed by a survey of cybersecurity pioneers across public and private sector organisations worldwide, emphasises that among the myriad risks vying for the CISO’s attention, AI cyber-attacks are not yet forcing a change of focus.

AI cyber-attacks

Majority (63%) of CISOs surveyed rate the severity of the threat posed to their businesses by AI

The majority (63%) of CISOs surveyed rate the severity of the threat posed to their businesses by AI cyber-attacks as critical or high, with 63% also suggesting that AI cyber-attacks will be extremely damaging to businesses. This underscores the urgent need for preparedness, as 62% agree that the industry is not equipped to deal with the threat. 

However, the emergence of AI has not altered the priorities of a significant chunk (40%) of respondents, and for more than three-quarters of respondents (77%), AI hasn’t triggered an increase or decrease in cybersecurity spending. 

Signs of AI cyber-attacks

CISOs are holding study on their strength plans with perhaps some optimising of methods

Despite all the buzz around AI and a cybersecurity skills gap, only 6% of CISOs are hiring more staff with the skill set to recognise the signs of AI cyber-attacks and only 7% are hiring staff with the skill set to use it in a defensive role. The findings suggest that whilst AI cyber-attacks represent a significant risk, combatting them may not require a shift in priorities or a dramatic uplift in dedicated AI skills. CISOs are maintaining course on their resilience plans with perhaps some optimising of processes and existing capabilities.

When asked to rank the severity of current threats to their organisations, ransomware came out on top with 67%, suggesting it represents a severe or very severe threat. Software supply chain/third-party risk (64%) and software vulnerabilities (59%) came in second and third as the biggest threat to respondent organisations, ahead of AI cyber-attacks.

Threat of AI cyber-attacks

For those who are already taking some precautionary action against the threat of AI cyber-attacks:

  • 41% say they are training staff to recognise and defend against AI cyber-attacks
  • 31% suggest they are training staff to use AI in a defensive role
  • Only 30% say they have started investing in defensive AI technology

Emergence of AI

Commenting on the findings, Rob Robinson, Head of Telstra Purple EMEA, stewards of the ClubCISO community, said, “Our member survey highlights that, in contrast to some of the reporting we’ve seen around AI, CISOs are taking a measured, wait and see approach before making any significant investment decisions. While AI has the potential to augment a range of attack tactics, such as creating more compelling social engineering attacks, CISOs are clearly more concerned with threats as they stand today”.  

He continued, “We’ve seen CISOs evolve to become strategic conductors, rather than technology and domain experts, in the past few years. The emergence of AI and the threat it poses are clearly being balanced with a range of technology, skills, risk, and macro-economic factors.”