October 10, 2023 By Chris McCurdy 3 min read

Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO’s guide to generative AI: Cybersecurity,” part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs with respect to the cybersecurity benefits that GenAI can bring, and the potential risks it can introduce, to their enterprises.

The guidance draws on insights from 200 C-suite leaders and reveals that despite substantial concerns over risks, enterprises are moving full steam ahead with GenAI adoption, eager to reap the rewards and efficiencies promised by GenAI innovation. Key highlights include:

  • Innovate first, secure later? Despite nearly all surveyed executives (94%) considering it important to secure AI solutions before deployment, 69% also say innovation takes precedence over security for GenAI.
  • AI security spend moving upwards: By 2025 AI security budgets are expected to be 116% greater than in 2021, with 84% of respondents saying they will prioritize GenAI security solutions over conventional ones.
  • GenAI viewed as a force multiplier for cyber workforce: 92% of surveyed executives say that, instead of being replaced, it is more likely their security workforce will be augmented or elevated to focus on higher-value work.
Register for the AI + Cybersecurity webinar

Generative AI becomes cybersecurity’s next big bet

As business leaders seek to drive more effective cybersecurity capabilities across their environments, they are expecting to spend more on generative AI-driven solutions. The overwhelming majority of survey respondents (84%) say they will prioritize generative AI security solutions over conventional ones, eager to see the promise of these innovations materialize.

The findings further emphasize the productivity gains that AI promises at the human and technology levels. Today’s AI maturity can help security analysts, empowering them to do more with less through intelligent assistants and speedier, more intuitive detection and response tools.

Survey respondents largely agreed that their workforce is the top area that would benefit from GenAI for security capabilities, with 52% of respondents saying generative AI solutions will positively impact their ability to develop and retrain security talent — an essential requirement amid an ever-evolving threat landscape. The majority of surveyed executives also viewed GenAI as an accelerator of digital trust with 52% indicating that GenAI will help establish easier user access management, permissions, and entitlement across their organizations. Similarly, 47% of executives say GenAI will help improve the time to detect and respond to cyber threats.

Explore the study

Generative AI adoption outpaces security and governance

Despite nearly all executives agreeing that it’s important to secure AI solutions before deployment, 69% say innovation takes precedence over security for GenAI. Rather than incorporating security considerations into innovation efforts, business leaders appear to be prioritizing development of new capabilities without addressing new security risks. This is even though 96% say adopting generative AI makes a security breach likely in their organization within the next three years.

While the survey takeaways suggest that business leaders fear they may lose a competitive edge or market lead by waiting for security to be baked into their AI-led business models, they are also concerned with increasing their risk exposure: nearly half of the study’s respondents voice concern about GenAI expanding their organizations’ attack surface. Specifically, 47% of those surveyed are concerned that adopting GenAI in operations will lead to new kinds of attacks targeting their applications, own AI models, data, or services.

It’s clear that when it comes to AI, we’ve crossed a new threshold: business leaders are eager to capitalize on the benefits promised by today’s innovations. In terms of security, they’re betting on new technologies to create more empowered, more productive teams. They’re looking for faster and more intuitive ways of working — whether detecting anomalies, managing risks, or responding to security incidents.

While many business leaders appear willing to accept the risk of insufficiently secured AI operations if it means they can evolve their business faster, security and technology leaders can take this as an opportunity to influence the conversation. It’s essential to understand that secure AI drives powerful AI outcomes, and that today we have the tools, processes, and strategies to help businesses establish secure AI business models as they embark on a dynamic journey of AI adoption.

Access “The CEO’s guide to generative AI: Cybersecurity” here.

Learn more about how IBM can help businesses accelerate their AI adoption securely here.

Learn more about how IBM is leveraging AI across its security portfolio here.

More from Artificial Intelligence

How I got started: AI security executive

3 min read - Artificial intelligence and machine learning are becoming increasingly crucial to cybersecurity systems. Organizations need professionals with a strong background that mixes AI/ML knowledge with cybersecurity skills, bringing on board people like Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, who has a unique blend of technical and soft skills. Carignan was originally a dance major but was also working for NASA as a hardware IT engineer, which forged her path into AI and cybersecurity.Where did you go to…

ChatGPT 4 can exploit 87% of one-day vulnerabilities: Is it really that impressive?

2 min read - After reading about the recent cybersecurity research by Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang, I had questions. While initially impressed that ChatGPT 4 can exploit the vast majority of one-day vulnerabilities, I started thinking about what the results really mean in the grand scheme of cybersecurity. Most importantly, I wondered how a human cybersecurity professional’s results for the same tasks would compare.To get some answers, I talked with Shanchieh Yang, Director of Research at the Rochester Institute…

How cyber criminals are compromising AI software supply chains

3 min read - With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to be a hacktivist organization motivated by an anti-AI cause, specifically targets these resources to poison data sets used in AI model training.No matter whether you use…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today