ClubCISO AI Report: AI cyber-attacks a critical threat, but CISO priorities are not changing yet

Security Posted: 18 April 2024

A new cybersecurity report by ClubCISO in collaboration with Telstra Purple finds that despite significant concerns around the impending impact of AI cyberattacks on respondent organisations, many have not seen their priorities or investment plans change.

The report, informed by a survey of cybersecurity leaders across public and private sector organisations worldwide, emphasises that among the myriad risks vying for the CISO’s attention, AI cyber-attacks are not yet forcing a change of focus.

The majority (63%) of CISOs surveyed rate the severity of the threat posed to their businesses by AI cyber-attacks as critical or high, with 63% also suggesting that AI cyber-attacks will be extremely damaging to businesses. This underscores the urgent need for preparedness, as 62% agree that the industry is not equipped to deal with the threat. However, the emergence of AI has not altered the priorities of a significant chunk (40%) of respondents, and for more than three-quarters of respondents (77%), AI hasn’t triggered an increase or decrease in cybersecurity spending.

Despite all the buzz around AI and a cybersecurity skills gap, only 6% of CISOs are hiring more staff with the skill set to recognise the signs of AI cyber-attacks and only 7% are hiring staff with the skill set to use it in a defensive role.

The findings suggest that whilst AI cyber-attacks represent a significant risk, combatting them may not require a shift in priorities or a dramatic uplift in dedicated AI skills. CISOs are maintaining course on their resilience plans with perhaps some optimising of processes and existing capabilities.

When asked to rank the severity of current threats to their organisations, ransomware came out on top with 67%, suggesting it represents a severe or very severe threat. Software supply chain/third-party risk (64%) and software vulnerabilities (59%) came in second and third as the biggest threat to respondent organisations today, ahead of AI cyber-attacks.

For those who are already taking some precautionary action against the threat of AI cyber-attacks:

41% say they are training staff to recognise and defend against AI cyber-attacks
31% suggest they are training staff to use AI in a defensive role
Only 30% say they have started investing in defensive AI technology

Commenting on the findings, Rob Robinson, Head of Telstra Purple EMEA, stewards of the ClubCISO community, said, “Our member survey highlights that, in contrast to some of the reporting we’ve seen around AI, CISOs are taking a measured, wait and see approach before making any significant investment decisions. While AI has the potential to augment a range of attack tactics, such as creating more compelling social engineering attacks, CISOs are more concerned with threats as they stand today”.

He continued, “We’ve seen CISOs evolve to become strategic conductors, rather than technology and domain experts, in the past few years. The emergence of AI and the threat it poses are clearly being balanced with a range of technology, skills, risk, and macro-economic factors.”

About ClubCISO

ClubCISO is a global private members forum powered by Telstra Purple for information security leaders working in public and private sector organisations. We are a community of peers working together to help shape the profession’s future. We are a non-commercial organisation with over 800 members helping to define, support and promote the critical role and value of information security leaders in business and society. ClubCISO provides a forum where security leaders can build their network, participate in proactive discussion, solve problems and create practical guidance that moves the industry forward.

Find out more here: www.clubciso.org

Related Insights

Security

Managing Third-Party Risk Assurance

Third-party risks can adversely impact organisations in several ways, including data breaches, supply chain breakdowns, and operational disruptions. They can all damage both your reputation and the bottom line.

Learn more

Security

Telstra Thought Leadership – Positioning Statements / Pitch Angles

The AI revolution opens exciting new possibilities but as frontiers expand, so do the associated security risks.

Learn more

Cloud

Microsoft end-to-end Security – Microsoft Priva

Manage the risks of handling sensitive information within Microsoft 365. Microsoft Priva is a privacy management solution that works alongside Microsoft Purview to protect your personal data and manage the identified risks.

Learn more

Cookie	Description
cookielawinfo-checkbox-advertisement	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Advertisement'.
cookielawinfo-checkbox-analytics	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Analytics'.
cookielawinfo-checkbox-necessary	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
cookielawinfo-checkbox-performance	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Performance'.
viewed_cookie_policy	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Description
_ga	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gat_gtag_UA_11390492_5	Google uses this cookie to distinguish users.
_gid	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
ELOQUA	Eloqua Business Marketing platform - this cookie collects and transfers contact info from webforms to internal databases.
ELQSTATUS	Eloqua Business Marketing platform - this cookie is used to recognise unique visitors to website pages and to track the pages they visit.
GPS	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location

Cookie	Description
IDE	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies.
VISITOR_INFO1_LIVE	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

ClubCISO AI Report: AI cyber-attacks a critical threat, but CISO priorities are not changing yet

Telstra Purple

Related Insights

Managing Third-Party Risk Assurance

Telstra Thought Leadership – Positioning Statements / Pitch Angles

Microsoft end-to-end Security – Microsoft Priva

Let's create, together.

Help

Other Telstra Sites