A recent survey conducted by Metomic, a data security solution provider, sheds light on the concerns of Chief Information Security Officers (CISOs) regarding the potential security risks associated with generative AI technology. 

CISO Survey: Insights on Generative AI

The survey, titled "2024 CISO Survey: Insights from the Security Leaders Keeping Critical Business Data Safe," gathered responses from over 400 CISOs from the United States and the United Kingdom, aiming to provide valuable insights into the current state of data security.

According to industry reports cited by Metomic, data breaches have been rising across various sectors, with industries such as healthcare, finance, and manufacturing particularly vulnerable. 

In the U.S. alone, companies experienced a significant increase in data breaches, totaling 3,205 incidents in the previous year, compared to 1,802 breaches in 2022. Additionally, the average cost of a data breach in the U.S. surged to $9.48 million in 2023.

The survey findings highlight data breaches as the primary security concern for CISOs in the U.S. and the UK. While U.S. CISOs also fear AI and emerging technologies, phishing schemes and compromised accounts are additional top concerns for their counterparts in the UK. 

To address these concerns, 84% of CISOs plan to allocate their time and resources to security operations, strategic planning, and security awareness and training initiatives throughout 2024.

The survey reveals apprehension among CISOs regarding generative AI's potential security implications. Security breaches emerge as the foremost concern, with 72% of respondents expressing worries about the security risks associated with the technology. 

Moreover, there are concerns about using sensitive company data to train the large language models (LLMs) powering generative AI solutions.

Read Also: Generative AI Already Widely Used by Most Executives: Survey

Prevalence of Malware and Phishing Attacks

Critical insights from Metomic's CISO survey include the prevalence of malware and phishing attacks experienced by many respondents, highlighting the ongoing challenges in combating cyber threats.

Additionally, creating and maintaining a strong security culture and awareness remains a top challenge for CISOs in both the U.S. and the UK.

Despite these challenges, most respondents 80% believe that their organizations provide adequate security training for employees and have a high level of awareness regarding handling confidential data. 

However, the survey underscores the need for increased focus on security operations, awareness, and risk management, with nearly 60% of CISOs wanting to dedicate more time to these areas.

Furthermore, the survey highlights the growing adoption of AI-powered tools among CISOs and IT security leaders to combat emerging security threats.

However, the risks associated with the proliferation of SaaS applications, including concerns about the potential exposure of sensitive data due to human error, are also recognized. 

"Our research makes clear just how many challenges today's CISOs face. In addition to protecting their organization against data security threats, they are prioritizing security operations and implementing training programs while trying to build a security-focused culture across the organization," Rich Vibert, co-founder and CEO of Metomic, said in a press release.

"They are overseeing IT budgets, monitoring SaaS environments, and calculating the impact of AI on their security efforts. It's an exhaustive list that is becoming increasingly more difficult to manage." 

Related Article: 68% of US Physicians Believe Generative AI is Beneficial in Healthcare: Survey