Technology was once the backbone of a business, providing a central support structure to the organization. Data, too, played a supportive role to manage customers, inform decisions and improve efficiencies. This is no longer true. Today, technology and data are at the heart of a business – pumping vital capabilities and insights to create value in most, if not all, parts of the organization.
Just as the role of technology has evolved, so too, should cybersecurity. Amid economic pressures, many business leaders are turning to generative AI, digitization and connectivity to help their organizations be more resilient, agile and innovative. KPMG’s latest CEO Outlook reports that 72 percent of global CEOs are concerned about their long-term prosperity.1 This future focus has many business leaders embracing the promise of AI and other advanced technologies to put their business on the trajectory for long-term, sustainable growth. As such, a majority of global CEOs (64%) indicate they would invest in AI regardless of economic conditions.2
As organizations increasingly rely on digital infrastructures, cybersecurity can no longer be a supportive function. Instead it should become a strategic cornerstone to help protect an organization’s operational continuity, value creation and future prosperity, while helping to unlock the true potential of AI.
Many CEOs recognize the challenges ahead. Unlike generations past, today’s CEOs are no longer removed from technology. They use it every day in and out of the office. Many have had first-hand experience with cyber incidents – whether it’s a personal email being hacked or a regulatory fine for mishandling data. And, if they haven’t, they have likely been exposed to headlines about cyberattacks, data breaches and privacy violations. This growing appreciation for cybersecurity has 73 percent of Global Tech Report respondents saying they are investing more in cybersecurity to protect their operations and intellectual property from AI threats.3
Balancing investments
The growing momentum around AI has almost all respondents to the CEO Outlook planning to invest in AI in some form.4 The more technology – especially self-learning technology that comes into the business – the more at risk it is to cyber threats. The business impact of such risks also rises: 76 percent of global CEOs agree that cybercrime and insecurity will negatively impact their organization’s prosperity over the next three years.
This knowing creates new challenges for CEOs: how to balance investments in technology with the need to secure their digital infrastructure. At first glance, technology can appear to be accessible and inexpensive. But securing it to the level necessary to protect an organization and its users often requires a more nuanced approach.
Advanced technologies like generative AI are bringing new capabilities into an organization, which can require more specific parameters that go beyond traditional security features. It’s not enough to only secure the new technology additions. Instead, as new technology integrates with legacy systems, new security features should be incorporated to enable a more unified security strategy across all technologies – old and new.
As the layers of security are applied, this can affect budgets. The key to finding the right balance lies in allocating investments to allow for new innovations to be introduced while prioritizing security. In some cases, a smarter, more cost-effective approach may be to replace old security technology with more modern systems with AI capabilities; instead of maintaining legacy systems. The CISO can help organizations strike the right balance.
Evolving the CISO’s role
In the past, the Chief Information Security Officer (CISO) had few choices to protect their organization: a firewall, an antivirus system, and an internal detection system to name a few. Those days are long gone. Advancing AI tools are introducing new levels and types of risks CISOs should protect their organization against. Add to this a growing cybersecurity industry that is innovating a plethora of tools and systems to solve even the most niche risks.
This isn’t the only change for CISOs. Not only should they protect their organization from known threats, but they also help ensure the company can innovate without compromising security. It can be a tough balance to strike. Here are some ways CISOs can evolve their role to support their business:
- Act as a risk manager: Not every cyber risk needs to be solved, but some are critical. As such, CISOs should evaluate the risks that pose the greatest threat to the business, quantifying the value they’re protecting so they are focusing on safeguarding what really matters.
- Become an investment manager: More than managing risk, CISOs should also manage the company’s investment in cybersecurity. This means deciding where to allocate resources effectively, focusing on the options that solve the biggest problems.
- Showcase value: Proving the ROI of cybersecurity can be tricky especially when success means nothing happens. As such, CISOs should find creative ways to demonstrate value, like showcasing how security investments prevented regulatory penalties or operational downtime.
- Use AI for efficiency: As with other use cases, AI can help automate the manual work involved in security management, such as detecting anomalies, summarizing data, and even creating self-healing systems.
Cultivating a cyber focus
As organizations race ahead with AI, many progressive CEOs and CISOs are integrating security and privacy considerations from the start. A majority of organizations (72%) are embracing secure-by-design by empowering cyber teams in the early stages of tech investments.5 By doing this, security is no longer an afterthought – and the business can move forward without unexpected interruptions. In other words, cybersecurity can help drive transformation and innovation.
Adopting such a proactive approach requires more than joining the project early. It demands a cultural shift within an organization. Almost three-quarters (74%) of global CEOs agree that building a strong cyber culture is central to integrating AI safely into their organization.6 For these organizations, cybersecurity is no longer an IT issue. It’s part of a company’s DNA where everyone – from developers to the C-suite – understand that security is as critical as innovation.
1 Global CEO Outlook
2 Global CEO Outlook
3 Global Tech report
4 Global CEO Outlook
5 Global Tech Report
6 Global CEO Outlook