3 Themes from CISOs on their Outlook for AI

One of the top priorities for CISOs this year is Generative and Traditional AI, according to our annual Leadership Perspective Survey of thousands of Evanta community members. As they aim to protect their organizations from a constantly changing threat landscape, CISOs are also trying to securely implement new technologies – like AI – that can help grow the business. 

Last year, we surveyed CISOs in our communities on whether or not they were using AI and GenAI, in particular. This year, amidst some pressure to find efficiencies with AI, we wanted to know if their views or approaches to AI have changed. 

More than 400 CISOs responded to our recent 2024 survey and shared how they are progressing on AI adoption and what their outlook is – here are the 3 themes that emerged from their responses.
 

1. CISOs are the farthest along on AI implementation among their C-suite peers.

Fifty-two percent of CISOs report that they have developed some AI use cases – the highest percentage who cited that among the C-suite executives we surveyed. The role nearest to CISOs on the AI adoption journey is CIOs – which perhaps reflects that security and IT leaders are tasked with AI discovery, implementation and security at their organizations. 

In addition, 12% of CISOs say they have achieved some measurable results from AI, and 18% report that they have completed some use cases and are evaluating the results. In the comments, security leaders shared that they are “still exploring [AI] use cases and impact on productivity.” Another executive noted, “AI can be helpful in some use cases today, but it boils down to the risk appetite at your organization when choosing to use AI for certain business functions or services.”

Both positive and negative use cases are emerging, which was predicted and expected… We should take the opportunity to leverage the tech, where possible, and stay abreast of scenarios where AI is leveraged for social engineering and other attack vectors.”

2. CISOs are highly concerned about security when it comes to AI adoption.

Among their C-suite peers, CISOs have the highest percentage of respondents who are concerned about deploying AI securely – with 88% of CISOs reporting they are concerned about managing the risks of AI. The role nearest to matching their concerns about security are CIOs with 76% reporting security concerns in the survey. In addition, 79% of security leaders cite concerns about data privacy, and 72% are unsure if they can manage how the workforce is using AI.

In their comments, CISOs recognize that while AI can significantly enhance cybersecurity measures, it also introduces new vulnerabilities and threats. There is a strong emphasis on the need for AI-based protective solutions to counter threats from malicious actors using AI. Some CISOs are unsure if they’ve seen these protective measures come to fruition yet, with one commenting, “There are some obvious use cases where generative AI can really help our business work more effectively or reduce costs, but I've yet to see real benefits in the security space despite all the hype.”

Security leaders are also well aware that bad actors will take advantage of AI. One executive said that “more advanced attacks will come into play,” and another noted, “There are certainly use cases that could make great improvements, but also a risk that it will allow the criminals to move faster.”
 

3. Despite their concerns, CISOs maintain a positive outlook on AI.

In the survey, CISOs report a positive outlook on the future of AI despite their concerns about implementing AI across the organization. A combined 83% of security leaders describe their sentiments about AI as “very positive” or “somewhat positive.” Almost no CISOs describe their outlook as negative. 

Many CISOs in the survey comments express cautious optimism about AI's potential to improve efficiency and productivity. They recognize the current hype and emphasize the importance of setting realistic expectations. One CISO wrote, “A lot of hype to sort through, but absolutely precious nuggets to be revealed eventually.” Another executive shared, “Be cautious – it's another new technology early in the hype cycle.”

High in the hype curve, but some novel uses are certainly coming forward.”

While AI has significant promise, many CISOs note it is still maturing, and its practical applications may not yet align with the high expectations set by the market. They are particularly cautious about AI tools. One executive said, “I do a lot of research before deciding to buy AI-based software. In the right context and use case, AI can be very beneficial.”

In addition, the survey comments revealed a consensus on the need for strong governance models to manage AI's deployment effectively. There are considerations around ethics, data privacy, and compliance. CISOs stress the importance of establishing clear policies and guidelines to ensure AI is used responsibly and securely within organizations.

Overall in the survey, CISOs demonstrate a balanced view of AI, recognizing its transformative potential while being mindful of the significant challenges and risks associated with AI implementation. They advocate for a measured and responsible approach to adopting AI technologies. One CISO summed it up this way: “I believe AI will be a transformative technology that will help organizations drive efficiencies and augment their human assets, but it is not without risk and must be approached in a measured and responsible way.”

If you are a CISO navigating AI adoption at your organization, check out an opportunity to discuss it with your peers by joining an Evanta CISO community. If you are already an Evanta community member, sign in to MyEvanta to find your community’s next gathering.