CISOs rethink the security organization for the AI era

The ever-changing cybersecurity landscape has long kept CISOs on their toes and now AI is bringing new challenges in how security teams operate and innovate. In some cases, the technology is even changing how they are perceived.

AI capabilities are increasingly being used in cybersecurity programs, according to Deloitte’s Future of Cyber Survey of US cyber decision-makers, with 43% of respondents using AI in their cybersecurity programs to a large extent.

This is helping CISOs gain more influence among an increasingly cyber-savvy C-suite: Almost one-third of respondents noted CISO involvement in strategic conversations about tech investment, the Deloitte survey says.

Still, the change is gradual, stresses Joe Oleksak, a partner at Plante Moran, an accounting and wealth management consultancy.

“After almost 30 years of cybersecurity consulting, I can say with confidence that AI hasn’t revolutionized security organizations — but it is gradually reshaping how they operate,” he says.

The biggest change Oleksak has seen is the growing realization that speed has become the defining factor. Security teams cannot take their foot off the pedal though and think that AI is a magic bullet, he contends.

“AI accelerates everything, both attacks and defenses, which means the fundamentals matter more than ever,” Oleksak says. “Provisioning, permissions, network segmentation, even what information is stored in shared folders must be closely managed, because AI magnifies every mistake.”

This is where discipline comes in. “Organizations that have invested in security over time are seeing efficiencies by layering AI-driven tools into their workflows,” Oleksak says. “But those who haven’t taken security seriously are still stuck with the same exposures they’ve always had. AI doesn’t magically catch them up.’”

In fact, because attackers are using AI to make phishing, scanning, and deepfakes cheaper and faster, Oleksak adds, the gap between mature and unprepared organizations is widening.

Here is a look at how CISOs are re-examining their security organizations to keep up with the pace and potential of AI as the technology becomes a more frequent part of their strategies.