ClubCISO AI Report: AI cyber-attacks a critical threat, but CISO priorities are not changing yet



Telstra Purple

A new cybersecurity report by ClubCISO in collaboration with Telstra Purple finds that despite significant concerns around the impending impact of AI cyberattacks on respondent organisations, many have not seen their priorities or investment plans change.

The report, informed by a survey of cybersecurity leaders across public and private sector organisations worldwide, emphasises that among the myriad risks vying for the CISO’s attention, AI cyber-attacks are not yet forcing a change of focus.

The majority (63%) of CISOs surveyed rate the severity of the threat posed to their businesses by AI cyber-attacks as critical or high, with 63% also suggesting that AI cyber-attacks will be extremely damaging to businesses. This underscores the urgent need for preparedness, as 62% agree that the industry is not equipped to deal with the threat. However, the emergence of AI has not altered the priorities of a significant chunk (40%) of respondents, and for more than three-quarters of respondents (77%), AI hasn’t triggered an increase or decrease in cybersecurity spending.

Despite all the buzz around AI and a cybersecurity skills gap, only 6% of CISOs are hiring more staff with the skill set to recognise the signs of AI cyber-attacks and only 7% are hiring staff with the skill set to use AI in a defensive role.

The findings suggest that whilst AI cyber-attacks represent a significant risk, combatting them may not require a shift in priorities or a dramatic uplift in dedicated AI skills. CISOs are maintaining course on their resilience plans with perhaps some optimising of processes and existing capabilities.

When asked to rank the severity of current threats to their organisations, ransomware came out on top, with 67% suggesting it represents a severe or very severe threat. Software supply chain/third-party risk (64%) and software vulnerabilities (59%) came in second and third as the biggest threats to respondent organisations today, ahead of AI cyber-attacks.

For those who are already taking some precautionary action against the threat of AI cyber-attacks:

  • 41% say they are training staff to recognise and defend against AI cyber-attacks
  • 31% suggest they are training staff to use AI in a defensive role
  • Only 30% say they have started investing in defensive AI technology

Commenting on the findings, Rob Robinson, Head of Telstra Purple EMEA, stewards of the ClubCISO community, said, “Our member survey highlights that, in contrast to some of the reporting we’ve seen around AI, CISOs are taking a measured, wait and see approach before making any significant investment decisions. While AI has the potential to augment a range of attack tactics, such as creating more compelling social engineering attacks, CISOs are more concerned with threats as they stand today.”

He continued, “We’ve seen CISOs evolve to become strategic conductors, rather than technology and domain experts, in the past few years. The emergence of AI and the threat it poses are clearly being balanced with a range of technology, skills, risk, and macro-economic factors.”


About ClubCISO

ClubCISO is a global private members forum powered by Telstra Purple for information security leaders working in public and private sector organisations. We are a community of peers working together to help shape the profession’s future. We are a non-commercial organisation with over 800 members helping to define, support and promote the critical role and value of information security leaders in business and society. ClubCISO provides a forum where security leaders can build their network, participate in proactive discussion, solve problems and create practical guidance that moves the industry forward.
