Despite the increasing severity of AI cyber attacks, a recent survey conducted by ClubCISO in collaboration with Telstra Purple revealed that CISOs remain more concerned about ransomware attacks. The survey found that ransomware attacks are ranked higher at 67% compared to software supply chain/third-party risks (64%) and software vulnerabilities (59%) as the most significant threats to organizations.
Genuine threat or just a precaution?
While AI-powered cyber attacks are gaining attention among CISOs, they have not yet shifted the priority away from ransomware attacks. The focus continues to be on the costly consequences of data theft or encryption, especially as ransom demands continue to escalate. Despite the rising concern, 62% of CISOs believe that the security industry is not adequately prepared to counter AI-powered cyber attacks, with 63% considering the risk of such attacks having a significant impact on their business at a critical or high level.
Interestingly, the survey also revealed that the increase in AI-related threats has not led to a corresponding rise in cybersecurity spending. Over three-quarters (77%) of respondents stated that their budgets have not been boosted due to AI threats. However, some teams are responding to this concern by seeking new talent. Only 6% of CISOs are actively looking to recruit staff with expertise in AI threats, while 7% are seeking individuals skilled in using AI defensively.
Rob Robinson, the Head of Telstra Purple EMEA, highlighted the cautious approach taken by CISOs regarding AI threats. He mentioned, “Our member survey highlights that, in contrast to some of the reporting we’ve seen around AI, CISOs are taking a measured, wait and see approach before making any significant investment decisions. While AI has the potential to augment a range of attack tactics, such as creating more compelling social engineering attacks, CISOs are clearly more concerned with threats as they stand today.” He also noted the evolving role of CISOs to strategic conductors, emphasizing a balance between various factors amidst the emergence of AI threats.
