Cybersecurity teams are excluded from the development of upcoming artificial intelligence tools.
Almost half of the companies did not involve cybersecurity teams in discussions about artificial intelligence.
Despite the growing adoption of artificial intelligence tools in organizations of various sizes, cybersecurity professionals have pointed out that they are being excluded from the development process. A recent ISACA study indicates that nearly half (45%) of companies do not involve their cybersecurity teams in the development, integration, or implementation of artificial intelligence solutions.
The threat landscape continues to evolve, just as the tools that security experts use to face these threats do. The report reveals that 28% of cybersecurity teams have begun using artificial intelligence to automate threat detection and incident response, while 27% use this technology for endpoint security.
Although artificial intelligence could facilitate task management and ease the workload of cybersecurity teams, it is also true that AI tools are increasingly being used in cyberattacks against companies. With the rise of regulations related to AI software, such as the European AI Act, establishing appropriate policies has become essential. Surprisingly, only 35% of cybersecurity professionals actively participate in the development of policies governing the use of artificial intelligence technologies in their organizations.
Jon Brandt, Director of Professional Practices and Innovation at ISACA, commented that "cybersecurity leaders cannot solely focus on the role of AI in security operations." He also added that it is crucial for the security area to be involved in the development, incorporation, and implementation of any artificial intelligence solution within the company, including existing products that will later receive AI capabilities.
The cybersecurity sector is also facing challenges in hiring staff, and the study indicates an increase in the use of contractors and consultants to fill this gap. The growing reliance on artificial intelligence or automation to address shortages is yet another reason to ensure that security professionals are included in the implementation phases.
