How do security leaders view AI and cyber risk insurance?

Despite the evolving landscape of cybersecurity, the top priorities for chief information security officers (CISOs) have remained consistent over the years. The perennial focus on being prepared to respond to security incidents, safeguarding confidential data, and enhancing overall cybersecurity resilience is now joined by a newfound emphasis on securing cloud data and systems. As organizations increasingly invest in and rely on cloud solutions, security leaders find themselves at the forefront of steering IT infrastructure and fortifying corporate defenses.

In this blog, I will dive into some of the key takeaways from Foundry’s 2023 Security Priorities study and explore security leaders’ emerging concerns, such as the viability of cyber risk insurance, and the transformative impact of artificial intelligence.

Top priorities – much of the same

Security priorities haven’t changed that much, and that’s probably a good thing. Those priorities have for years reflected on how CISOs view the risks that they face and how they allocate resources to manage those risks. As always, they need to be appropriately prepared to respond to a security incident whether it be ransomware, a data breach or whatever. They’re constantly focused on improving the protection of confidential and sensitive data. New this year, they’re very focused on how to improve the security of their cloud data and systems as their organizations have invested greater resources in, and trust in, cloud solutions. As CISOs play a greater and greater role in leading IT infrastructure, the importance of leveraging their resources to boost corporate resiliency is the number 4 priority.

• Be appropriately prepared to respond to a security incident (e.g. ransomware, data breach, etc.)
• Improve the protection of confidential and sensitive data
• Improve security of our cloud data and systems – new this year
• Upgrade IT and data security to boost corporate resiliency

Cyber risk insurance – worth the investment?

This year’s security priority study drilled into the topic of cyber risk insurance. Over the past decades CRI has become an increasingly important vehicle for offloading risk but the challenging nature of insuring against damages caused by cyber-attacks has become increasingly difficult to manage and expensive to afford. 52% of this year’s respondents agreed that cyber risk insurance is a key part of their strategy to offload risk, but they also feel that CRI is becoming too expensive and that insurers are demanding too much to make CRI worth the effort. As they found themselves managing the renewal process this past year 44% said it to was more difficult than in prior years. Additionally, liability caps on individual policies are driving more than one-third of CISOs to stack their policies – essentially buying multiple policies to spread out the risk and gain the levels of coverage that they need.

AI – a mixed bag

One would be hard pressed to find a topic generating more debate among security professionals than artificial intelligence. Fully two-thirds of those surveyed this year indicated that they are using AI to enable their security technologies, most notably in threat detection, malware detection, automation alert and triage, real time risk prediction, and incident response. Many are seeing real benefits, such as faster identification of unknown threats, an acceleration in the detection and response times, and the use of AI to sift through large amounts of data faster than any previous solutions.

They also found AI effective at eliminating time-consuming tasks that can reduce the employee workload and allow their security organizations to be more proactive and offer faster remediation of threats. But, of those security leaders using AI in their security solutions 28% are not yet seeing any benefits. We’re early in the adoption of AI and we can expect to see this area evolve rapidly, but solution providers touting their AI capabilities need to do a better job of helping their customers identify the benefits from this new technology if they hope to be successful.

The bottom line

The adoption of artificial intelligence presents both promise and challenges, with a majority reaping benefits in threat detection and response, but a notable fraction yet to realize its full potential. In the world of cybersecurity, adaptability remains at the forefront, ensuring that organizations stay one step ahead in safeguarding against complex threats. I outline how the CSO and CISO are better aligning with the board of directors to prepare for these future threats and abide by new regulations in my other blog, The evolving challenges and the growing risks of the CSO.