Generative AI: The Reality of Applications for CISOs & Their Benefits
Over the past few months, we’ve seen continuous expansion within the generative AI landscape. These developments have prompted executive teams to look to the bigger picture, considering how generative AI will shape business operations and the future of work as a whole. Key figures within this process will be Chief Information Security Officers (CISOs). Traditionally, the role of a CISO is focused on security, compliance, and risk mitigation, but these decision makers could serve to step beyond their remit, to implement new ways of working with generative AI that enhance their company.
We’re going to outline why CISOs will be fundamental in this technology transition – from outlining their role in generative AI risk assessment, to sharing ideas on how these professionals can steer the usage of generative AI technologies. We will also explore some of the generative AI hype in comparison to its actual adoption, establishing perspectives from key industry bodies.
What is Generative AI?
Before we delve into the ways that CISOs can overhaul the usage of generative AI, we’re going to define the concept. Generative Artificial Intelligence refers to systems that create text, images, or other media formats, produced through input programming which recognizes patterns and structures to provide their output. Generative AI tools such as ChatGPT and DALL-E are already serving purposes across a plethora of industries, improving the efficiency of otherwise manual, time-consuming tasks and workflows.
Understanding the Generative AI hype: Cutting Through the Noise
While there’s been plenty of excitement towards the emergence of generative AI application, actual adoption has revealed a degree of limitations that its current technologies face – and this has even led to questioning the value of some of the most popular generative AI tools, as we established in our recent State of Generative AI survey.
Generative AI became pervasive in record time – the launch of ChatGPT’s app in November 2022 broke all records for downloads, hitting 100 million within two months, and in June 2023, ChatGPT had more than 1.6 billion visits. More importantly, it has spawned thousands of applications for everything from coding to creating visual art. It’s no surprise as to why – ChatGPT is a powerful tool for increasing productivity for individuals and across enterprises.
As an indicator of the tools’ prowess, McKinsey highlighted 63 generative AI use cases spanning 16 business functions that could deliver a total value in the range of $2.6 trillion to $4.4 trillion in economic benefits annually when applied across industries. Jaw-dropping numbers like this have caught the attention of CEOs around the world, and a recent Accenture “Pulse of Change” survey highlighted that 97% of CEOs (out of 2,300+) believe generative AI will be a transformative turning point for their company and industry. The survey also established that 44% are already acting, investing in finding ways to put generative AI tools to work.
IT leaders are in agreement too, according to Salesforce’s Annual State of IT report:
- 86% of IT leaders expect Generative AI to soon play a prominent role at their organizations.
- 57% believe Generative AI is a “game changer.”
- 67% of IT leaders surveyed said they have prioritized Generative AI for their business within the next 18 months.
- 33% said it was a top priority.
The Nascent Reality of the Generative AI Landscape
It’s worth remembering that almost everything around generative AI has happened within the last year, and consequently most organizations do not yet have a unified strategy in place. Having this kind of consideration in place is non-negotiable if you want to maximize the potential of this dynamic technology. A succinct generative AI strategy will empower businesses with the understanding of existing productivity gains, while also shedding light on upcoming and long-term opportunities across the organization, and for good reasons.
While CISOs clearly understand the transformative upsides of generative AI, the headwinds for implementation and adoption are real and daunting – and generative AI legal issues are valid red flags. Nearly two in three IT Pros (65%) in the Salesforce survey said they can’t justify implementing generative AI yet because:
- Generative AI will introduce new security threats to their data (71%).
- Their employees lack the skills to use it successfully (66%).
- Generative AI can’t yet integrate with their business’s tech stack (60%).
- Their organization lacks a unified data strategy (59%).
There’s a collective wariness towards generative AI amongst CISOs, with 46% citing artificial intelligence and machine learning as the most significant organizational risk, according a recent survey of by Heidrick & Struggles
So, while CEOs want to implement generative AI imminently to gain and sustain a competitive advantage, CISOs must ensure it is done so responsibly, securely and in line with compliance. This doesn’t mean that the CISOs don’t want to increase company productivity and growth – security, compliance and risk reduction is simply part of their job description. However, they still have a mutual pain with the C-suite, as they assess ways that they can accelerate and extract the benefits of generative ai throughout their organization. CISOs approaching the technology armed with a generative AI risk assessment will give firms the confidence that they need to make informed investments.
5 Ways that CISOs can Shape the Usage of Generative AI Applications
No leadership role is more prepared for addressing the challenges as well as incredible opportunities that generative AI creates. We’ve outlined five important ways that CISOs can open the floodgates for generative AI growth, beyond security & compliance:
1. Uncovering Areas of Opportunity & Innovation in Generative AI
By gaining visibility into all sanctioned and unsanctioned generative AI activity within the enterprise, CISOs can benchmark areas of productivity and innovation along with risky behaviors. CISOs can also look for gaps within a generative AI strategy, suggesting ways that its implementation could have a positive impact on areas that it isn’t being leveraged. Additionally, conducting regular audits of generative AI applications can reveal underutilized features, fostering a culture of continuous improvement. In essence, visibility creates a positive first step, and it’s a big win for the enterprise.
2. Creating a Foundational, Unified and Long-Term Generative AI Roadmap for Success
Since generative AI can be applied to every aspect of business operations, CISOs can lead the charge in creating a unified strategy for data use, governance, education and data security. Collaborating with data scientists and AI experts, CISOs can establish best practices for generative AI implementation, ensuring alignment with organizational goals. Regularly updating this roadmap based on emerging technologies and industry trends will keep the organization at the forefront of generative AI advancements.
There are plenty of resources for CISOs to lean on to do so, as new findings are constantly emerging, shedding light on the most effective ways to steer a generative AI strategy.
3. De-Commoditize Employee Education on Generative AI Prompting and Data Usage
If all companies have the same generative AI tools, the only true differentiator is how well they are used. Visibility provides the opportunity to monitor and measure how generative AI is being used by employees throughout the organization and can highlight areas for improvement. CISOs can create real, significant reporting for HR and department leaders on where to enhance employee training to get the most out of their generative AI applications.
To enhance employee education, CISOs can establish training programs that cover not only the technical aspects of generative AI but also its ethical use. This includes educating employees on responsible data handling, privacy considerations, and the potential societal impact of generative AI applications.
4. Secure Newly Created Intellectual Property in Real Time
By its nature, generative AI can create new intellectual property every time it’s used. Companies using generative AI need to manage and secure that new intellectual property, and this is a critical area for CISOs to enable. Implementing robust data encryption protocols and access controls will safeguard newly generated intellectual property. CISOs should collaborate with legal teams to establish clear guidelines on ownership and protection of AI-generated assets. Regularly updating security measures to counter emerging threats will ensure the ongoing protection of valuable intellectual property.
5. Monitoring Analytics and Insights on Generative AI Applications to Measure Progress
Creating real-time, ongoing reporting and analytics will help each department continuously measure success, uncover areas of opportunity, and evolve the program to meet and exceed its productivity and growth goals. Any impactful generative AI roadmap ought to be accompanied by its own set of KPIs, and CISOs can ensure these are established from the offset.
Utilizing advanced analytics tools, CISOs can track the performance of generative AI applications, identify patterns in usage, and measure the impact on business objectives. Regularly sharing these insights with relevant stakeholders fosters a data-driven approach, enabling the organization to adapt its generative AI strategy in real-time based on performance metrics and user feedback.
Certainly, security & compliance are a CISOs priority at every stage, but through a willingness to adopt generative AI, CISOs will find they are presented with an opportunity to take the lead on what may be their organization’s most important goal – to outcompete their category, enhance internal productivity and grow revenue aggressively.
Download Our Latest Gartner Report
4 Ways Generative AI Will Impact CISOs and Their Teams
Many business and IT project teams have already launched GenAI initiatives, or will start soon. CISOs and security teams need to prepare for impacts from generative AI in four different areas:
- “Defend with” generative cybersecurity AI.
- “Attacked by” GenAI.
- Secure enterprise initiatives to “build” GenAI applications.
- Manage and monitor how the organization “consumes” GenAI.
Download this research to receive actionable recommendations for each of the four impact areas.