"Fifth of CISOs Admit Staff Leaked Data Via GenAI"

Security researchers at RiverSafe have found that one in five UK companies have had potentially sensitive corporate data exposed via employee use of generative AI (GenAI). The researchers noted that the data leak risks of unmanaged GenAI use help to explain why three-quarters of surveyed CISOs (75%) claimed that insiders pose a greater risk to their organization than external threats. The researchers stated that UK CISOs are concerned not just about the risks associated with employee misuse of AI, but of the technology being used by threat actors. A fifth of respondents told RiverSafe they believe it’s the biggest cyber threat facing their organization. The UK’s National Cyber Security Centre (NCSC) warned in January that GenAI is already being used to improve social engineering, and will “almost certainly” drive an increase in the volume and impact of cyberattacks over the next two years. During the study, the researchers also found that two-thirds (65%) of responding CISOs claimed that AI has limited their cybersecurity budget, because boards expect the technology to supercharge the productivity of existing teams. However, those teams are already being stretched to the limit, with 83% of respondents admitting their organization currently has a cyber skills gap.

Infosecurity Magazine reports: "Fifth of CISOs Admit Staff Leaked Data Via GenAI"