Generative AI in Cybersecurity: Trends and Insights for 2024
Generative AI is reshaping technology, yet cybersecurity leaders are still exploring its potential. Identifying established "best practices" is challenging amidst the evolving landscape of "new practices" that lack proven outcomes and tangible ROI.
Vendors are increasingly promoting AI benefits—innovation, speed, and productivity—but its practical application in cybersecurity is still developing. According to Gartner, generative AI-driven security solutions will begin to emerge in 2024, with tangible risk management results expected by 2025.
This forecast is part of Gartner's top cybersecurity trends for 2024. Richard Addiscott, Gartner's senior director analyst, highlighted that Chief Information Security Officers (CISOs) are focused on how to ethically and securely integrate generative AI to enhance their strategic goals.
CISOs: Navigating Skepticism and Hope
Addiscott believes that generative AI can bolster security capabilities in areas like vulnerability management and threat intelligence. It could also enhance operational efficiency—a crucial advantage amid the ongoing global cybersecurity talent shortage. However, current employee experiences are characterized more by fatigue than by increased productivity. Organizations should foster experimentation while managing expectations internally and externally.
Despite initial skepticism, Addiscott notes there's "solid long-term hope" for generative AI's potential in cybersecurity.
Fostering Security Culture and Behavior Programs
Cultural aspects are vital to cybersecurity success. Gartner reports that CISOs are increasingly adopting Security Behavior and Culture Programs (SBCPs). By 2027, it's predicted that half of large enterprise CISOs will embrace human-centric security practices. These programs aim to cultivate secure behaviors across the organization rather than focusing solely on end-user actions.
To assist in this transition, Gartner has developed the PIPE framework (Practices, Influences, Platforms, Enablers). This approach integrates non-traditional methods, such as organizational change management and security coaching, into cybersecurity practices. PIPE encourages organizations to consider employee demographics and security tool usage data, with generative AI playing a supportive role.
SBCPs enable organizations to analyze data to understand the employee behaviors linked to security incidents and to create more effective responses. However, executive support and a clear vision of successful outcomes are essential for fostering these initiatives. Addiscott warns that SBCPs demand more effort than traditional security awareness training, but organizations can implement these changes incrementally.
Improving Boardroom Communications with Metrics
As cybersecurity regulations tighten globally, board members must become more attuned to organizational risks. Many boards lack deep expertise in cybersecurity, making it difficult to comprehend technical performance indicators. This gap has led to the need for outcome-driven metrics (ODMs), which clarify the connection between cybersecurity investments and protective outcomes. ODMs allow security leaders to showcase their program's performance in terms understandable to non-IT executives, aiding in defensible investment strategies.
Prioritizing Third-Party Risk Management
With the software supply chain facing continuous threats, CISOs are prioritizing resilience-oriented investments over preliminary due diligence. Strengthening contingency plans for high-risk third-party engagements is essential, alongside creating specific incident playbooks and ensuring effective offboarding processes to protect organizational resilience.
Addressing Cybersecurity Talent Shortage
The U.S. faces a significant cybersecurity talent shortage, with only enough qualified professionals to meet 70% of demand. As trends like cloud migration and generative AI adoption evolve, CISOs must move beyond outdated hiring practices that focus solely on years of experience. Emphasis should be placed on "adjacent skills," soft skills like business acumen and communication, and the development of new roles within cybersecurity.
Gartner recommends organizations develop workforce plans documenting necessary skills and facilitating a culture of continuous learning through practical, short-duration training.
Evolving Threat Management Strategies
As attack surfaces expand due to evolving digital landscapes, organizations are grappling with limited visibility. Many are now adopting Continuous Threat Exposure Management (CTEM), which emphasizes ongoing assessment of vulnerabilities rather than a reactive patching approach. This strategy aligns remediation efforts with specific organizational threats. Gartner predicts that prioritizing CTEM will reduce breaches by two-thirds by 2026.
At the same time, Identity and Access Management (IAM) remains critical. Organizations should enhance identity hygiene, expand identity threat detection, and evolve their identity infrastructures to create a more secure environment.