Generative AI has emerged as the chief concern for companies across geographies as three-fifths of global board members believe it poses huge security risks, according to a report by Proofpoint.
The report built from survey responses of 659 board members at organizations with 5,000 or more employees across industries underlined a general sense of panic as it found a majority of respondents fearing a material attack in 2023.
“The year-over-year change may reflect the ongoing volatility of the threat landscape, including lingering geopolitical tensions and rises in disruptive ransomware and supply chain attacks,” said the report. “The emerging risk of artificial intelligence (AI) tools such as ChatGPT may also be contributing to these sentiments.”
The participants were from organizations in countries including the US, the UK, Canada, France, Germany, Italy, Spain, Australia, Singapore, Japan, Brazil, and Mexico.
Generative AI adds to existing board panic
With 73% of the respondents fearing a material cyberattack on their organization this year, up from 65% in 2022, boards are growing wary of emerging technologies like generative AI.
A significant number (59%) believe that generative AI presents a high-security risk to their organization. Generative AI’s risk comes from the fact that it can be weaponized by miscreants, using tools like ChatGPT, to create and deliver malware for any kind of attack.
Top concerns noted in this year’s edition of the Proofpoint report include malware (40%), cloud account compromise (36%), and insider threat (36%) against last year’s email fraud or business email compromise (41%), cloud account compromise (37%), and ransomware (32%).
Ransomware still occupies a key spot on the threat list as it is indicated as a major concern by 35% of the respondents.
Aware and diligent but not quite there
The report highlighted that an impressive number of executives are aware of the importance of cybersecurity and are willing to take action.
“Seventy-three percent of directors agree that cybersecurity is a priority for their board, 72% believe their board clearly understands the cyber risks they face, 70% think they have adequately invested in cybersecurity, and 84% believe their cybersecurity budget will increase over the next 12 months,” the report said.
However, there is a general lack of preparedness as 53% of respondents confessed they are unprepared to cope with a cyberattack over the next 12 months. Another challenge to cyberresilience identified by the study is the non-alignment of directors with respective CISOs in areas of people risk and data protection.
Bigger budgets, additional cyber resources, and better threat intelligence emerged as top boardroom wishes for the year in the study.