Dive Brief:
- Most cybersecurity leaders, 93%, say their companies have deployed generative AI, yet 34% of those using the technology have not erected safeguards against security threats, Splunk found in a survey.
- Roughly two out of three respondents (65%) say they do not fully understand the hazards of generative AI, while 44% rank it as a higher priority than cloud computing security, Splunk said after surveying 1,650 executives.
- Companies adopting generative AI across as many as 16 industries “want to ensure they’re utilizing best practices, but the speed at which they need to move means some have overlooked possible ramifications,” Splunk SURGe security strategist Audra Streetman said.
Dive Insight:
Cyberattacks annually soared 26% on average from 2017 until 2023, Moody’s Investors Service said last month, citing University of Maryland data. “This number is likely to be understated since organizations are often not required to report cyberattacks.”
As cybersecurity risks rise, generative AI will likely favor attackers over the short-to-medium term, Moody’s said.
Forty-five percent of respondents to the Splunk survey say that generative AI gives wrongdoers an advantage, while 43% say the technology gives cybersecurity defenders an edge, Splunk said.
“Whether defenders or attackers have the upper hand is largely dependent on an organization’s cybersecurity strategy,” Streetman said in an email response to questions.
“Organizations that implement basic controls like asset inventories and account management often see the greatest return on investment, making it easier to stay ahead of adversaries, many of whom are still relying on tried-and-true techniques,” she said.
Collaboration among various business departments is an essential defense, she said, noting that 87% of security teams involve a variety of company units, including 54% that collaborate with software engineering to implement secure-by-design practices.
Overall, generative AI “creates new opportunities for organizations to streamline processes, increase productivity and limit staff burnout,” Streetman said. “Defenders seem optimistic about Gen AI use cases.”
The technology helps in mining data and identifying and analyzing cybersecurity risks, she said. Fifty-five percent of respondents to the Splunk survey said that with generative AI they can detect disruptive incidents in 14 days or less, compared with 28% in the survey completed early last year.
“What’s important for security teams to remember as they continue to integrate generative AI is to keep humans in the loop,” Streetman said. “AI is a powerful tool, but human decision-making related to Gen AI is critical when defending against threats.”
Splunk surveyed security executives in the U.S., Japan, the U.K, France, Germany and four other countries.