Surveyed Board Members See Generative AI as Cybersecurity Risk

September 06, 2023 - Ransomware and supply chain attacks remain top cybersecurity threats across all industries. But board members are also worried about the rise of generative AI, a risk so new that it is difficult to quantify. Proofpoint’s second annual “Cybersecurity: The 2023 Board Perspective” report found that 59 percent of surveyed board members believe that generative AI is a security risk to their organization.

Proofpoint surveyed more than 600 board members across multiple countries and industries. Nearly three-quarters of the board members believe that their organizations face a risk of a major cyberattack in the next 12 months, compared to 65 percent last year.

This increase may be attributed to the volatility of the cyber threat landscape, and even the rising popularity of generative AI, Proofpoint noted.

“As it stands now, the biggest threat from tools such as ChatGPT is employees uploading sensitive content to assist with research or report writing. But bigger problems are no doubt on the horizon,” the report noted.

“AI technology poses security risks Cyber criminals already use AI to reduce the time-consuming aspects of phishing and finding and exploiting vulnerabilities. AI also allows those with limited technical chops to enhance their cyberattacks.”

As previously reported, healthcare researchers have raised concerns about the HIPAA compliance implications of AI chatbots. As these tools continue to gain traction, organizations in all sectors will have to establish guidelines and ensure compliance with data privacy laws as they interact with generative AI.

For healthcare specifically, malware was listed as the most pressing concern for board members. Other top concerns for healthcare included litigation costs and fines related to a cyberattack.

These mounting concerns and emerging technology have at the very least brought cybersecurity to the forefront of board members’ vision. More than 70 percent of respondents agreed that cybersecurity is a priority for their board, and 70 percent believe that they have adequately invested in cybersecurity.

What’s more, 84 percent of surveyed board members reported believing that their cybersecurity budgets would increase over the next 12 months. Despite increased prioritization, 53 percent of respondents still reported believing that their organization is unprepared to handle a cyberattack.

Across all sectors, alignment between board members and CISOs varied, the report showed. For example, board members were relatively aligned with CISOs when it came to concerns about top threats, such as cloud compromise, email fraud, and insider threats.

But board members reported higher levels of confidence when it came to their organization’s ability to safeguard data compared to CISOs. Healthcare reported the lowest levels of interaction between board members and CISOs, with just 36 percent of board members in healthcare agreeing that they regularly interact with CISOs.

“Our findings show that it remains a challenge to translate increased awareness into effective cybersecurity strategies that protect people and data,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint in a press release.

“Growing even stronger board-CISO relationships will be instrumental in the months ahead so directors and security leaders can have more meaningful conversations and ensure they’re investing in the right priorities.”

Improvements in communication between board members, CISOs, and other key players is critical as new cyber threats and considerations continue to emerge.