The Current CISO Outlook on Generative AI


Community Blog
Written by Laurel Hiestand

AUGUST 29, 2023

This spring, CISOs around the world gathered with their Evanta community peers to discuss the most pressing issues they’re facing today – including protecting critical infrastructure from attacks, advancing the business value of security, and navigating the risks and opportunities of generative artificial intelligence.

We have been hearing so much about generative AI from security executives – and executives across all roles in the C-suite – that we decided to make it the topic of our Pulse Survey in June. We periodically survey C-level executives in our communities on a hot topic and share the results with community members, so they can see what their peers are thinking about it. 

Nearly 400 CISOs responded, telling us how they are currently approaching generative AI and how they view the future outlook of it. One big takeaway is that 60% of CISOs are already using generative AI tools at their organizations.

60% of CISOs report their organizations are using ChatGPT or other generative AI tools

The sixty percent of CISOs using AI tools is a higher percentage than any other role in the C-suite. This higher rate of usage could be due to CISOs’ critical role in managing security and risks – it’s possible that more security leaders and their teams are experimenting with AI tools to help develop an organizational approach to them.

In the comments answering how they are using AI tools, many CISOs shared that they are doing research, “experimenting,” or looking into “exploratory use cases only.” Others referred to being in “learning mode,” with one writing, “Just learning about the capabilities and options to integrate them to our services,” and another saying that they are “exploring how such solutions can be beneficial to our business.”

Among the forty percent of CISOs who reported that they are not using it yet, respondents shared that they are investigating the risks and determining the business use cases for AI tools. One security leader said, “We are looking at both how it can be leveraged to improve business processes and also how best to govern its use.” Some shared that they have data privacy and security concerns. 

In fact, 23% of CISOs selected data privacy and an equal percentage chose security when asked about their concerns about generative AI. Twenty-one percent also said that governing the use of AI tools internally was a concern. “Accuracy” and “trusting the output” were also cited by security leaders in the comments under “Other” concerns.


Here are 3 other highlights from the survey, and the complete results can be found here.

1. The CISO outlook on AI is positive.

76% of CISOs said they have a “very positive” or “somewhat positive” outlook for the future of generative AI. Twenty-one percent are neutral, representing a slightly higher percentage of neutral sentiments than the leaders in other C-suite roles reported. Less than 3% of security leaders feel somewhat or very negative about AI and its future impact.


2. Companies are still developing an approach to AI use.

Forty-one percent of security leaders report that their organization is developing an approach to generative AI, but does not have one yet. Twenty-six percent of CISOs said that some employees are allowed to use AI tools, depending on the department, and another 21% allow all employees to use AI tools.


3. CISOs predict AI will create operational efficiencies.

In terms of the future impact of AI on business, 27% of CISOs think that AI will generate operational efficiencies, and 24% predict that it will eliminate tedious tasks from the workforce. Nineteen percent also say that generative AI will improve customer service in the future.


When we asked CISOs about other effects AI may have on business in the future, some executives were optimistic, and some expressed security concerns in their comments:
 

It will enable humans to perform higher order functions.”

There is concern that AI will replace a very large number of jobs.”

It will mean more breaches and reputational harm.”

It will introduce new cyber threats.”


For the complete results of our survey of 400 CISOs, check out our infographic.

If you are a security leader currently navigating the complexities of generative AI, check out our calendar for an opportunity to discuss this topic with your peers, or find your local Evanta community and apply to join.

 

Laurel Hiestand headshot

Laurel Hiestand

Sr Director, Content at Evanta, a Gartner Company