The Nexus of AI and Cybersecurity: Safeguarding Private Company Governance

In today's digital age, where every company increasingly relies on data and technology, the intersection of artificial intelligence (AI) and cybersecurity is a critical and evolving battleground.  As organizations navigate the complex landscape of threats and vulnerabilities, the role of AI in enhancing cybersecurity is going to increase and as a result will impact private companies and their governance.

First, in full disclosure, while I have been in the data security and cybersecurity space since 2001, I have not served in a data security, cybersecurity, CIO, or CISO role.  There are many experts in this space.  AI, however, in regard to cybersecurity is relatively nascent.  As ChatGPT, a generative AI, turns one year old, I was curious it might have to offer on the topic.  I sat down, developed a series of interview questions (“prompts” in the vernacular of ChatGPT) and posed them (all at once) to ChatGPT version GPT-3.5.   Some of these might be questions worthy of discussion by your board members (BOD) and management.

Here are the 8 questions I asked:

Q1: ChatGPT, how would you explain the intersection between AI and cybersecurity and why it's a critical topic for private companies today?

Q2:  ChatGPT what do you think is the role AI plays in enhancing cybersecurity for private companies?

Q3:  ChatGPT, can you provide examples of AI applications in cybersecurity that private companies are using?

Q4: ChatGPT, how does the AI-cybersecurity intersection impact private company governance and decision-making?

Q5: ChatGPT, what are the legal and regulatory implications for private companies regarding AI and cybersecurity?

Q6: What actions should leaders and Boards of Directors take to address the challenges of AI and cybersecurity?

Q7: ChatGPT, how can leaders ensure that AI and cybersecurity are integrated into their company's culture and decision-making processes?

Q8: ChatGPT, how do you see the role of AI in cybersecurity evolving in the future, and what should private companies prepare for?

ChatGPT offered some insightful opinions.  Based on its opinion, I have offered up some action steps. In each section I’ll provide a summary of ChatGPT’s ‘opinion” in italics. Then I’ll suggest some “food for thought” or next steps for private company leaders and board members.

The Role of AI in Cybersecurity

ChatGPT’s perspective is that the intersection of AI and cybersecurity is where advanced technology meets the evolving landscape of digital threats.  AI has revolutionized how we approach cybersecurity, enabling companies to detect and respond to threats more effectively.  This intersection is vital for private companies due to the growing importance of safeguarding sensitive data in an increasingly digital world.

Food for Thought: In their December post, AAG provided some alarming statistics regarding cybersecurity attacks.  These three statistics in the post stood out for me (follow the link to see all the stats):

  • Data breaches cost businesses an average of $4.35 million in 2022.
  • Around 236.1 million ransomware attacks occurred globally in the first half of 2022.
  • Nearly 1 billion emails were exposed in a single year, affecting 1 in 5 internet users.

Phishing is the single most common form of cybercrime. Around 36% of all data breaches involve phishing. An estimated 3.4 billion emails a day are sent by cyber criminals, designed to look like they come from trusted senders. This is over a trillion phishing emails per year.  Email impersonation accounts for an estimated 1.2% of all email traffic globally. 84% of organizations were the targets of at least one phishing attempt in 2022 - a 15% increase on the year before.

The sheer volume of attacks will bring humans to our knees.  Artificial intelligence is a powerful ally in the fight against cyber threats.

Many companies, including private companies, store and transmit sensitive data unsafely.  The 2021 Thales Global Cloud Security Study, commissioned by Thales and conducted by 451 Research, found that 40% of organizations have experienced a cloud-based data breach in the past 12 months and that the vast majority (83%) of businesses are still failing to encrypt half of the sensitive data they store in the cloud. To learn more, download the study and read the results.

Consider using AI to augment your cybersecurity measures:

  • Automate Threat Detection and Response: AI-driven systems excel at real-time threat monitoring, predictive analysis, and swift response.  Machine learning algorithms can identify abnormal patterns in data and behavior, allowing for proactive threat mitigation.  In a world where new threats emerge constantly, AI enables companies to adapt and respond rapidly, reducing the risk of breaches.
  • Precision and Efficiency: AI also plays a vital role in reducing false positives, a common challenge in traditional cybersecurity.  Because AI can rapidly analyze large amounts of data, it quickly learns how to distinguish between legitimate activities and potential threats.  This will enable your security personnel to focus their efforts on genuine risks, optimizing resource allocation and reducing the strain on human analysts.
  • Advanced Security Applications: Private companies are deploying AI in various security applications.  These include email security, network traffic analysis, and endpoint protection.

Looking for ways to achieve quick wins with AI-driven systems?  Start with real-time threat monitoring, email security, network traffic analysis, and endpoint protection.  These systems can adapt to evolving threats, such as zero-day attacks, and identify insider threats by analyzing user behavior.

So-What? The Impact of the Intersection on Private Company Governance

ChatGPT’s opinion is that the integration of AI and cybersecurity has a profound impact on private company governance and decision-making processes.  The implications of data breaches, both financially and reputationally, underscore the importance of proactive cybersecurity measures.

Whether public or private, companies must adhere to an array of legal and regulatory requirements governing data protection and privacy, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).  Non-compliance can result in significant fines.  AI solutions aid in data protection, incident response, and auditing, ensuring that organizations remain compliant.

Food for Thought: Every Board of Directors is charged with managing and mitigating business risk and therefore must now consider cybersecurity as a core component of risk management.

ChatGPT’s opinion is that AI enables more informed governance by providing actionable insights, ensuring compliance with data protection regulations, and safeguarding against data breaches.  By harnessing AI's capabilities, private companies can identify and address potential threats sooner and more effectively.

5 NOW Actions for Leaders and Boards of Directors

As a business leader or director, I hope you have prioritized cybersecurity as a strategic business concern.  To navigate the intricate terrain of AI and cybersecurity, I’d recommend taking five steps:

  1. Prioritize Cybersecurity: If you haven’t, now is the time to establish cybersecurity as a strategic business concern.  Allocate resources to invest in AI-driven cybersecurity solutions, which are more efficient and adaptive in threat detection.
  2. Conduct Comprehensive Risk Assessments: Cyber criminals never rest; therefore, it’s imperative to conduct regular risk assessments to identify vulnerabilities and threats.  Use the results of your assessments to inform the development of robust cybersecurity strategies.  If you can’t conduct the assessment on your own, bring in outside expertise.  Organizations like Forrester regularly review and evaluate firms offering cybersecurity services.
  3. Develop Incident Response Plans: Create comprehensive incident response plans that include AI-driven threat detection and swift mitigation strategies.  This will require collaboration between IT and security teams.
  4. Promote a Culture of Security: Seventy-four percent of data breaches involved humans (read the Verizon 2023 Data Breach Investigations Report).  In the words of Fred Kwong, vice president and CISO at DeVry University, “This is why businesses, organizations, institutions, and other enterprises should cultivate and sustain a strong cybersecurity culture to successfully foil attacks and achieve cyber resilience.”  It is never too soon to foster a culture of security awareness and accountability.  Invest in regular training for employees and keep them in the loop regarding current threats and incidents.
  5. Reporting and Continuous Improvement: Cyber criminals are creative, regularly coming up with new ways to breach your systems.  Some cyber criminals are using AI to assist with creating more sophisticated and difficult to detect attacks.  Main ongoing focus on cybersecurity and refine strategies as threats evolve.  Incorporate regular reporting on security metrics and progress into your board meetings.

Looking to the Future

ChatGPT says that “the future of AI in cybersecurity holds exciting possibilities and challenges.  As AI evolves, it will become more sophisticated and capable of handling increasingly complex threats.  ChatGPT suggested three items on the horizon.  For each item, I’ve identified the potential impact on a private company and its BOD.

  • Increased Automation: AI-driven cybersecurity measures will become more automated, reducing the manual workload on security professionals, and improving response times.

Impact on Private Companies and Boards of Directors: Increased automation allows for a more streamlined and efficient cybersecurity strategy.  Explore how your organization can offload routine security tasks, such as log monitoring, system updates, and even threat detection, to AI-driven systems to reduce the need for manual intervention and the potential for human error.

  •  AI-Driven Threat Hunting: AI will play a pivotal role in proactive threat hunting, identifying emerging threats before they manifest as breaches.  It involves proactive monitoring and analysis of network traffic, user behavior, and system vulnerabilities.  Early detection of emerging threats enables organizations to address these before they escalate into full-fledged breaches.

Impact on Private Companies and Boards of Directors: Private companies benefit from improved threat identification and mitigation.  Boards of Directors need to understand how the organization can leverage AI-driven threat hunting to reduce the risk of large-scale security incidents and protect the company's reputation and financial stability.

  • Adaptive Security:Security measures will become more adaptive and responsive to emerging threats, ensuring a higher level of protection against constantly evolving attack vectors.  Adaptive security gives Boards of Directors assurance that their organization's defenses are not static but are capable of adapting to the ever-changing threat landscape.
Impact on Private Companies and Boards of Directors: Adaptive security will become table stakes in the face of constantly evolving attack vectors. Establish adaptive security measures that are designed to evolve and respond to emerging threats in real-time.  Use these measures to adjust security protocols and defenses to match the evolving tactics of cybercriminals and maintain the trust of customers, investors, and other stakeholders.

These are some initial thoughts about how the nexus of AI and cybersecurity is reshaping the landscape of private company governance.  Every company is responsible for safeguarding sensitive data, complying with regulations, and quickly addressing emerging threats.  The pace and scale at which threats and challenges are expanding.  AI-driven cybersecurity solutions enable private companies and their boards of directors to remain vigilant, prepared, proactive, and competitive.  Depending on your level of maturity, take a crawl, walk, run approach to AI.

Have more questions?  Reach out and tap experts in your network.  Leverage resources provided by organizations such as the Private Directors Association, and in particular, its Cybersecurity Committee


ABOUT THE AUTHORS:

Laura Patterson is president of VisionEdge Marketing.  Since 1999, her firm has worked CXOs and BODs in more than 250 companies to help them grow by delivering customer-centric, data-driven, outcome-based strategies.  Laura is an award-winning author and recognized thought leader.  For more information, visit visionedgemarketing.com or connect with Laura on LinkedIn.

ChatGPT 3.5: I am ChatGPT, a highly advanced AI language model created by OpenAI.  OpenAI released GPT-3, the model upon which I am based, in June 2020.  I represent a subsequent iteration of their technology beyond GPT-3.  My purpose is to assist and provide information across a wide range of topics.  I'm here to answer your questions, engage in conversations, and offer insights based on the extensive knowledge I've acquired through training.  My goal is to assist and empower users in various tasks and inquiries, from education and research to creative writing and problem-solving. 


Disclaimer: The views and opinions expressed in this blog are solely those of the authors providing them and do not necessarily reflect the views or positions of the Private Directors Association, its members, affiliates, or employees.

Share this post: