
Security priorities emphasize CISO role on the rise – Source: www.csoonline.com


Source: www.csoonline.com – Author:

Increasing reliance on and experimentation with AI, more prominent stature in the enterprise, and renewed emphasis on resilience are among the key reasons CISOs find themselves in the spotlight, according to Foundry/CSO’s Security Priorities Study.

AI is changing the nature of cybersecurity and that, in turn, is changing the nature of the CISO role.

An overwhelming 98% of respondents to Foundry/CSO’s Security Priorities Study 2024 report significant benefits from using AI-enabled security technologies, up from 72% in 2023.

Among the numerous benefits respondents are seeing from AI-enabled security tech are reduced employee workload (44%), faster remediation of threats (43%), improved vulnerability management (40%), AI’s ability to sift through large amounts of data faster than previous solutions (39%), and the elimination of time-consuming tasks (39%).

So it’s not surprising that AI-enabled security technology is taking up a greater portion of CISO spend, with 49% of security decision-makers saying they are increasing their spending on AI in the next 12 months. Three in four CISOs (77%) are actively researching, piloting, or deploying AI technologies in production today, according to the survey.

Security Priorities 2024: AI Spending on the Rise

Foundry / CSO

Further, 59% of security decision-makers say their organization is more likely to use a security tool embedded with AI — up from 52% in 2023.

The growing use of AI technologies — and the need to secure them (31%) — is one reason 72% of security decision-makers say their role has expanded to include additional responsibilities in the past year. Other reasons cited: cyber strategy and policy development (37%), risk management (32%), and innovation and emerging technologies (31%).

Cyber programs have grown more complex

Michael Mainiero, SVP and chief digital and information officer at Catholic Health, says that although his team’s core functions have remained the same, “the scope and complexity of our cyber programs have increased significantly. We have intensified our focus on operational readiness, disaster recovery, frequent patching, and software maintenance.”

Additionally, Mainiero says, the security team’s efforts in detecting and monitoring medical devices and protecting health information have broadened, and the organization has adopted new approaches to social engineering threats. “Overall, the scope of our cybersecurity operations has grown in all areas,” he says.

Security Priorities 2024: Role of CISO Expanding

Foundry / CSO

Ken Leeser, CISO of AI platform provider OnCorps, says his responsibilities have expanded to include gathering information and understanding security processes around AI. “This is a fast-evolving field with additional complexities around data privacy and corporate data protection,” Leeser says. He adds that the use of AI provides additional challenges in understanding and preventing data leakage on top of issues around general user security awareness.

The CSO survey found that 51% of respondents report to their organization’s CEO, up from 44% a year ago, and 28% report to the board of directors, which may be another reason they have more responsibilities. Rick Doten, vice president of information security and CISO of Medicaid managed care company Centene, says this is a good thing because it has elevated a CISO’s role, “which is what we’ve always wanted.”

But he points out that he has many friends who serve as both CIO and CISO “because their company can’t afford both — I call them Labradoodles. Some are just getting [their] responsibilities expanded because the security leader is a good leader, organized, and has a strong loyal team. So like any job, you give more work to high performers.” Doten adds that he has a CISO friend whose company put her in charge of all purchasing.

Barriers to achieving security goals

Almost all respondents reported several challenges that are keeping them from achieving their security goals. Among them are a lack of sufficient budget, too many competing priorities, employee awareness and training, organizational cultural barriers, employee retention, and hiring skilled and qualified workers.

Another barrier is the constant threat of cyberattacks, says Mainiero.

“In healthcare, we have a target on our back. As far as cyberattacks, we are the top targeted vertical across all industries,” he notes. Other issues that “present unique challenges” are the rising costs of pharma, labor, and reimbursement complexities, he says.

“These financial pressures make it difficult to balance the increasing threat landscape and the growing complexity and cost of cyber programs,” Mainiero says, adding that a robust cyber program can cost a hospital several millions of dollars. “However, our team’s primary challenge is not just to balance these escalating cybersecurity needs with the financial realities of healthcare, but to lead this alignment, ensuring that critical patient services remain uninterrupted.”

For Leeser, the main challenge is management. “The biggest challenge for me is executive commitment. Corporate priorities continue to stress top-line sales and bottom-line profits with a limited focus on cyber risk,” he says.

In the big picture, says Doten, the biggest challenge to achieving security goals is the “great firewall of HR preventing [the] hiring of the best candidates.” He attributes this to filters in applicant tracking systems that immediately reject applicants who may be qualified.

Some savvy candidates use AI to match their resume to the job description, Doten says. “But when they get the interview, the people leader realizes they don’t know what they are talking about.” He believes there is too much emphasis on degrees and candidates who have a good resume and interview well. 

Doten feels strongly that more attention needs to be paid to neurodiverse candidates and spoke on the topic of neurodiversity in cybersecurity at RSA.

How AI will be leveraged in security technologies

Although AI is being used in several security areas, most organizations are still in the planning stage, according to the CSO priorities report. Currently, about a quarter of organizations surveyed are already using AI for malware detection (26%), threat detection (24%), and automating alerts and triage (23%).

Security Priorities 2024: Leveraging AI for Security (Slide 23)

Foundry / CSO

Another 40% of security decision-makers are not that far along yet — but report that they’re planning to leverage AI in these same security technologies in the next 12 months. In terms of where the opportunity is in the future, 40% are planning to utilize AI in threat detection, 39% for automation — alert and triage, 38% for real-time risk prediction, and 36% for malware detection.

Overall in all categories, security executives at enterprise organizations are more likely to be currently using or leveraging AI in their security technologies, according to the report.

Security priorities for the coming year

Even with more than half (55%) of security leaders saying their security budgets will hold steady in the next 12 months (and for 63% of SMBs), security leaders cited several priorities for enhancing their organization’s security.  The top priority is strengthening the protection of confidential and sensitive data (40%), followed by upgrading IT and data security to boost corporate resiliency (37%), and enhancing security awareness through end-user training (31%).

Catholic Health’s Mainiero says his top priority for the coming year is resilience, which he says includes people, processes, and technology. “We focus on ensuring our ability to maintain critical operations even under cyberattacks,” he says. “This is crucial because the impacts of a breach can be life-threatening.”

Security Priorities 2024: Key Security Priorities (Slide 40)

Foundry / CSO

For example, a ransomware attack could prevent access to electronic health records, causing delays in urgent surgeries or cancer treatments, he notes. “It could turn off imaging systems, making it impossible to read radiology scans for stroke patients where every minute counts. We could lose access to medication dispensing systems, risking medical errors or delays.”

Mainiero’s team is leading this effort, investing in advanced software and technology to enhance threat identification and protection, especially for Catholic Health’s medical devices and critical care systems.

“We focus on creating a robust, responsive cybersecurity framework that can withstand modern threats while supporting continuous, high-quality healthcare delivery,” he says. “The goal is to prevent cyber incidents that could force us to cancel surgeries, divert emergency room traffic, or compromise our ability to provide timely, life-saving care. By explicitly connecting our cybersecurity efforts to patient outcomes, we are emphasizing the critical nature of this work in healthcare.”

Doten points out that security issues and priorities will vary drastically by company size, and that 99% will have experiences and struggles that are different from the Fortune 500 companies — depending on where they fall in that paradigm. “As a large company, our biggest problem is our partners and affiliates in the 99% keep getting hacked, and we have to respond to that by cutting off access, disabling accounts, providing assistance in incident management, connecting them to support resources, and adjusting our business process to accommodate their outage.”

CSO’s 2024 Security Priorities Report surveyed 870 IT security executives, managers, and professionals globally to gain a better understanding of the current security projects organizations are focused on today and in the year ahead. The survey also looked at security’s role within the business and security leaders’ growing engagement with the board of directors. 


Original Post url: https://www.csoonline.com/article/3578736/security-priorities-emphasize-ciso-role-on-the-rise.html

Category & Tags: CSO and CISO, IT Leadership, IT Strategy, Security – CSO and CISO, IT Leadership, IT Strategy, Security
