Empowering Cybersecurity Teams in the Age of AI
In a world where artificial intelligence (AI) is rapidly becoming a norm in organizational operations, cybersecurity teams are finding themselves left out of the loop when it comes to developing policies governing the use of AI. According to new research presented at the ISACA 2024 Europe Conference, only 35% of the 1800 cybersecurity professionals surveyed reported being involved in the development of AI policies.
Even more concerning, 45% of those professionals admitted to having no involvement in the development, onboarding, or implementation of AI solutions within their organizations. This lack of participation is occurring at a time when many businesses are embracing the use of generative AI in the workplace, highlighting the need for greater cybersecurity involvement in AI initiatives.
The Shift Towards AI Governance
The EY report AI Adoption Key to Corporate Growth revealed that 35% of senior leaders are actively creating roadmaps for comprehensive AI implementation within their organizations. Chris Dimitriadis, Chief Global Strategy Officer at ISACA, emphasized the changing landscape of AI governance, noting that more organizations are now looking to establish AI governance frameworks.
While governments are beginning to develop regulations around AI, Dimitriadis expressed concern that cybersecurity is not being adequately integrated into these governance systems. He stressed the importance of considering cybersecurity as a fundamental aspect of AI implementation to ensure data security and privacy.
Speaking to Infosecurity, Erik Prusch, CEO of ISACA, highlighted the evolving nature of AI risk within organizations. He emphasized that responsibility for AI governance now falls on every team member, as vulnerabilities can stem from both individuals and systems.
Adoption of AI in Cybersecurity
The survey also revealed that cybersecurity professionals are primarily leveraging AI for automating detections and responses (28%) and enhancing endpoint security (27%). Additional uses include automating routine tasks (24%) and fraud detection (13%). However, Prusch believes that there is still much untapped potential for AI integration in cybersecurity practices.
Dimitriadis emphasized the importance of incorporating AI into cybersecurity tools to facilitate auditing, security, and privacy protection. He emphasized the necessity of utilizing AI-powered systems to enhance existing processes and ensure comprehensive data protection.