Press ESC to close

How Will AI Change the CISO Role?

Artificial intelligence is being used widely, and this has serious implications for both people and businesses. According to the IBM Global AI Adoption Index 2022, 42% of businesses are considering implementing AI, while 35% are already using it. AI raises several questions for chief information security officers. How will the CISO position change when this technology becomes more widely available and used?

Power of CISO

AI has the power to both simplify and complicate a CISO’s job in various ways. To enhance cybersecurity, their teams can use AI techniques. Every single day, security operations centers (SOCs) handle thousands of notifications. Threat actors do, however, often use AI techniques to support their assaults. Threat actors will become more adept at using AI to attack as CISOs and their teams become more adept at using it to defend.

The Current CISO Position

According to the 2022 Global Chief Information Security Officer Survey conducted by executive search firm Heidrick & Struggles, CISOs handle five functions: security operations, governance, risk, compliance, and product security.

AI may have an effect on any of those tasks. A company’s security procedures might be improved with the help of AI tools. Risk and compliance are essential components when adopting AI technology. Moreover, CISOs need to be aware of how threat actors employ AI to compromise the security of their organisations and their products.

Cybersecurity and the CISO role no longer operate independently of a company’s core leadership. According to 88% of respondents to the Heidrick & Struggles CISO study, CISOs at their businesses either report to the board as a whole or a committee.

Vasu Kohli, the CISO of the cross-channel marketing platform Iterable, agrees that AI will force the CISO job to get a more strategic approach.

The article claims that the CISO is “removed from the operational position they typically find themselves stuck in and positioned in an architect’s seat.”

Arvind Raman, senior vice president and CISO of cybersecurity company BlackBerry, states that while new and different technologies may emerge, the CISO’s primary duty will stay the same: to understand and weigh the advantages and disadvantages of these technologies while also being prepared to act.

People Also read – Building LLM applications with vector search in Azure Cognitive Services

Benefits and Drawbacks of Various Reporting Systems

There are several benefits and drawbacks to various reporting systems:

  • Benefits 

As opposed to a straight connection to the board, where matters regarding to cybersecurity risks and mitigation could be decided more quickly but might lack consistency if there are frequent changes or rotations in board members, assigning the responsibility for disclosing to another C-suite executive could carry consistency and streamline decision-making because all information security lines would be under one leader.

  • Drawbacks 

The drawback is choosing a structure that enhances departmental collaboration while following through on any rules unique to a sector or size of business. Lastly, businesses should look for a solution that puts company goals first while using all available resources to ensure effectiveness.


The capability of AI is tremendous, and CISOs must negotiate both its present consequences and its long-term responsibilities. Understanding AI is important, but understanding its effects on businesses is the next step. Companies are debating whether to actively promote the use of AI technologies or to outright forbid them until the threats are fully known. The answers to these concerns will change as AI is used more often, which will be a continuing obligation for CISOs. It will be crucial for CISOs to manage the constantly shifting world of AI by making effective and responsible use of AI tools and reducing risks.