CyberSecurity SEE

CISOs Warn That Boardrooms Still Struggle to Understand the Human Cyber Risk Amplified by AI

The Growing Disconnect Between European CISOs and C-suite Awareness of Cyber Risks

Recent research has revealed a troubling disconnect in the perception of cyber risk between Chief Information Security Officers (CISOs) and the C-suite in Europe. More than three-quarters of CISOs believe that their respective leadership teams do not fully comprehend the cyber risks posed by their own employees. This widening gap coincides with the rapid evolution of artificial intelligence (AI), which is making attacks on human judgment faster, more persuasive, and increasingly difficult to detect.

This troubling insight emerges from a study conducted by MetaCompliance, a firm specializing in human cyber risk management. The study surveyed 200 CISOs across the UK, France, Germany, and Sweden, painting a stark picture of security leaders struggling to mitigate human-layer risks without the necessary backing from senior management, clear ownership of security protocols, and a shared understanding of the stakes at play.

The Evolving Concerns of CISOs Regarding AI

The survey highlights that many CISOs feel less confident about their organizations’ cyber resilience compared to the previous year, with AI-enhanced social engineering identified as the leading concern by nearly half of those surveyed. This shift indicates a significant change in the tactics utilized by cybercriminals, who are moving away from easily identifiable phishing attempts to more sophisticated impersonation and fraud tactics generated at scale.

A considerable number of security officials—over two-thirds—still rank their own staff as the most significant security risk to their organizations. This suggests that rather than introducing an entirely new set of problems, AI is merely amplifying existing vulnerabilities related to human behavior in cybersecurity.

Specific fears related to AI-driven threats include:

The Erosion of Support from Leadership

The findings become particularly unsettling when considering the level of support that CISOs receive from their organizations. Nearly four in five CISOs—79%—report that initial enthusiasm from leadership regarding security awareness programs diminishes after the initial launch. Furthermore, 76% express frustration over the need to cater to various stakeholders, each demanding different human-risk metrics. Approximately a quarter acknowledge the lack of cross-functional alignment as an area where they feel least assured in their management capabilities.

James Mackay, the CEO of MetaCompliance, underscored the gravity of the situation. He stated, "With attackers no longer relying on obvious scams or poorly written phishing emails, organizations must now contend with highly convincing impersonation attempts and social engineering attacks at scale." Mackay emphasized that this situation necessitates ongoing executive engagement rather than sporadic initiatives. He remarked, "Human cyber risk has evolved into a strategic business risk. If leadership involvement wanes after the initial push, organizations could find themselves severely exposed."

Strategies for Moving Forward

Improving resilience against AI-driven social engineering attacks is becoming an explicit priority for CISOs in the coming year, with almost a quarter identifying it as a key focus area. Mackay advocates for a structural shift in approach; organizations that succeed will treat human risk management as an ongoing discipline rather than a one-time training exercise. This approach would involve offering employees real-time, contextual support at critical decision-making moments, rather than relying solely on infrequent, annual training modules.

The findings come at a critical juncture, as AI-generated phishing schemes, deepfake audio and video, and synthetic impersonation are becoming increasingly difficult to differentiate from legitimate communication. This evolution imposes fresh pressures on security teams to secure unwavering support from the top echelons of management before the next wave of sophisticated attacks materializes.

In summary, the research indicates an urgent need for improved understanding and collaboration between CISOs and the C-suite regarding cyber risks exacerbated by AI technologies. As cyber threats continue to evolve in complexity, so too must the strategies and support structures within organizations.

Source link

Exit mobile version