Organizations in the region are a-changing, and so is the role of the CISO, as AI and other emerging technologies become more pervasive in the digital economy.
Organizations in Asia Pacific (APAC) seeking to remain relevant in 2024 and beyond are leveraging innovations such as AI to expand their digital presence in an increasingly complex cloud-centric environment.
The role of CIOs and CISOs and others in their teams are fast evolving as a result of the growing needs of organizations accelerating their digital transformation to meet business demands.
How is the impending VUCA, the explosive growth of AI applications, and other factors impacting the role of the CISO and boardroom dynamics? What are the pros and cons of a more visible role for the CISO? And how should CISOs prepare their teams to be AI-ready?
CybersecAsia discussed the APAC CISO’s changing role in the AI era with Robert Pizzari, Vice President, Security, APAC, Splunk:
What is driving the growth of the CISO’s role in APAC? How has the role evolved?
To remain relevant and competitive in the modern business environment, organisations need to expand their digital presence. However, this is also accompanied by increased cybersecurity risks, where the threat landscape is evolving rapidly due to emerging technologies and economic headwinds.
As such, the role of today’s CISOs has grown to be more complex than ever before. According to our 2023 CISO Report, 89% of CISOs in APAC have reported that their role has changed so much that it was almost a different job. In fact, we learnt that close to half of CISOs in APAC are now reporting directly to their CEO. CISOs are now focusing on controls and implementation, with APAC reporting the highest percentage of CISOs witnessing the transition of their roles from controllers to strategic architects at 94%.
In what ways does a more visible CISO benefit a company?
The new era of CISOs marks the end of working in isolated bubbles and independent silos. We found that today’s CISOs have more face time and influence with CEOs and boards, leading to increased attention and larger budgets for technology-related matters, including cybersecurity.
A more visible CISO also enables strategic collaboration with engineering and IT teams. While security and IT teams have collaborated before, this is becoming more common and widespread in recent times, and this creates the opportunity to adopt more unified solutions.
Such alliances allow organisations to gain unparalleled visibility across their hybrid environments and address security and IT challenges. In fact, our report shows that CISOs hail collaborations with software engineering/application development, the cloud team and enterprise architecture as vital to ensure resilience throughout the organisation.
It may seem obvious but by working together and leveraging on unified solutions, teams across the organisation can communicate, collaborate and integrate better to expand their systems’ end-to-end visibility and increase overall effectiveness, ultimately leading the organisation to greater success.
What are some possible consequences for companies when they fail to leverage their CISO or cybersecurity experts as part of their boardroom strategy?
Today, almost 48% of CISOs in APAC report directly to their CEO, demonstrating a shift in focus towards the formalisation of their executive roles. Forget forging closer relationships with the C-suite, they are the C-suite.
However, when CISOs are not integrated into an organisation’s boardroom strategy, a critical misalignment between CISOs’ priorities and board directives can occur. In fact, 33% of APAC respondents reported that they had to cut back on cybersecurity staff because of misaligned priorities, which means that security risks were still considered as an afterthought for companies. This oversight can create vulnerability within organisations, leaving them exposed to potential cyber breaches and attacks, which can result in significant data breaches, financial losses, and damage to their reputation.
What is the role of AI in today’s cybersecurity landscape? Does it pose more challenges or benefits?
A majority of the CISOs we surveyed (70%) believe that AI will give cyber adversaries an unfair advantage. Interestingly, despite this finding, APAC expresses the most hope for AI to be used as a defensive tool, believing that it would give them either a slight or significant advantage over cyber criminals. It stands to reason then, that respondents from APAC are most likely to use generative AI for cybersecurity today.
Additionally, 86% believe that generative AI will alleviate skills gaps and talent shortages on security teams by filling labour-intensive and time-consuming security functions and freeing up security professionals to be more strategic AI can also be leveraged for cyber defence by addressing challenges ranging from strategic to deeply technical which would ultimately benefit CISOs. Notably, APAC had the highest percentage of respondents who are most afraid of attacks on operational technology (OT) and IoT.
What should the CISO do for his team and organisation to be AI-ready?
As AI continues to evolve and become more sophisticated, cybersecurity risks will also increase, emphasising the importance of leveraging the CISOs’ experience and strengthened board relationships to achieve a seamless alignment of cybersecurity priorities. This strategic advantage can also help organisations to enhance their defences against any evolving threats.
Collaboration, and having the right tools to enable collaboration, is key to being AI-ready and achieving true resilience. To make the most of emerging technologies such as AI, CISOs should aim to unify their teams’ workflows and processes.
As digital applications become more widespread and embedded across all operational functions within an organisation, using a unified solution not only helps the organisation to detect, investigate, and respond to threats quickly and effectively, but also fosters a collaborative environment for the organisation’s security operations.
