HomeCyber BalkansCISOs Warn That Boardrooms Still Struggle to Understand the Human Cyber Risk...

CISOs Warn That Boardrooms Still Struggle to Understand the Human Cyber Risk Amplified by AI

Published on

spot_img

The Growing Disconnect Between European CISOs and C-suite Awareness of Cyber Risks

Recent research has revealed a troubling disconnect in the perception of cyber risk between Chief Information Security Officers (CISOs) and the C-suite in Europe. More than three-quarters of CISOs believe that their respective leadership teams do not fully comprehend the cyber risks posed by their own employees. This widening gap coincides with the rapid evolution of artificial intelligence (AI), which is making attacks on human judgment faster, more persuasive, and increasingly difficult to detect.

This troubling insight emerges from a study conducted by MetaCompliance, a firm specializing in human cyber risk management. The study surveyed 200 CISOs across the UK, France, Germany, and Sweden, painting a stark picture of security leaders struggling to mitigate human-layer risks without the necessary backing from senior management, clear ownership of security protocols, and a shared understanding of the stakes at play.

The Evolving Concerns of CISOs Regarding AI

The survey highlights that many CISOs feel less confident about their organizations’ cyber resilience compared to the previous year, with AI-enhanced social engineering identified as the leading concern by nearly half of those surveyed. This shift indicates a significant change in the tactics utilized by cybercriminals, who are moving away from easily identifiable phishing attempts to more sophisticated impersonation and fraud tactics generated at scale.

A considerable number of security officials—over two-thirds—still rank their own staff as the most significant security risk to their organizations. This suggests that rather than introducing an entirely new set of problems, AI is merely amplifying existing vulnerabilities related to human behavior in cybersecurity.

Specific fears related to AI-driven threats include:

  • More than 40% of CISOs express concerns that AI is accelerating the frequency and severity of social engineering attacks.
  • 40% worry that employees are inadvertently inputting sensitive data into generative AI tools.
  • 41% of CISOs are troubled by the potential for malicious insiders to leverage AI for fraud, cybercrime, or data theft.
  • The UK stands out specifically, as deepfake impersonation is cited by over half of UK CISOs as a critical threat, the highest proportion found in the study.

The Erosion of Support from Leadership

The findings become particularly unsettling when considering the level of support that CISOs receive from their organizations. Nearly four in five CISOs—79%—report that initial enthusiasm from leadership regarding security awareness programs diminishes after the initial launch. Furthermore, 76% express frustration over the need to cater to various stakeholders, each demanding different human-risk metrics. Approximately a quarter acknowledge the lack of cross-functional alignment as an area where they feel least assured in their management capabilities.

James Mackay, the CEO of MetaCompliance, underscored the gravity of the situation. He stated, "With attackers no longer relying on obvious scams or poorly written phishing emails, organizations must now contend with highly convincing impersonation attempts and social engineering attacks at scale." Mackay emphasized that this situation necessitates ongoing executive engagement rather than sporadic initiatives. He remarked, "Human cyber risk has evolved into a strategic business risk. If leadership involvement wanes after the initial push, organizations could find themselves severely exposed."

Strategies for Moving Forward

Improving resilience against AI-driven social engineering attacks is becoming an explicit priority for CISOs in the coming year, with almost a quarter identifying it as a key focus area. Mackay advocates for a structural shift in approach; organizations that succeed will treat human risk management as an ongoing discipline rather than a one-time training exercise. This approach would involve offering employees real-time, contextual support at critical decision-making moments, rather than relying solely on infrequent, annual training modules.

The findings come at a critical juncture, as AI-generated phishing schemes, deepfake audio and video, and synthetic impersonation are becoming increasingly difficult to differentiate from legitimate communication. This evolution imposes fresh pressures on security teams to secure unwavering support from the top echelons of management before the next wave of sophisticated attacks materializes.

In summary, the research indicates an urgent need for improved understanding and collaboration between CISOs and the C-suite regarding cyber risks exacerbated by AI technologies. As cyber threats continue to evolve in complexity, so too must the strategies and support structures within organizations.

Source link

Latest articles

23andMe Encounters New Security Requirements in $18 Million Data Breach Settlement

Major Settlement Reached Between 23andMe and Coalition of Attorneys General In a significant development stemming...

ISMG Editors Discuss the Mainstream Adoption of AI Phishing Kits

In a recent discussion, four prominent editors from Information Security Media Group (ISMG) convened...

OnlyFans Performers Forge Unexpected Alliance with CISOs to Secure Websites

Investigation Reveals Illicit Distribution Systems Exploiting Adult Content In a recent examination of digital traffic...

Cyber Briefing – July 17, 2026 – CyberMaterial

Cybersecurity: A Rising Threat Landscape and Corporate Responses In recent times, the cybersecurity landscape has...

More like this

23andMe Encounters New Security Requirements in $18 Million Data Breach Settlement

Major Settlement Reached Between 23andMe and Coalition of Attorneys General In a significant development stemming...

ISMG Editors Discuss the Mainstream Adoption of AI Phishing Kits

In a recent discussion, four prominent editors from Information Security Media Group (ISMG) convened...

OnlyFans Performers Forge Unexpected Alliance with CISOs to Secure Websites

Investigation Reveals Illicit Distribution Systems Exploiting Adult Content In a recent examination of digital traffic...