Only 35% of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half 45% report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology.
In response to new questions asked by the annual study, sponsored by Adobe—which showcases the feedback of more than 1,800 cybersecurity professionals on topics related to the cybersecurity workforce and threat landscape—security teams noted they are primarily using AI for:
- Automating threat detection/response (28%)
- Endpoint security (27%)
- Automating routine security tasks (24%)
- Fraud detection (13%)
“In light of cybersecurity staffing issues and increased stress among professionals in the face of a complex threat landscape, AI’s potential to automate and streamline certain tasks and lighten workloads is certainly worth exploring,” says Jon Brandt, ISACA Director, Professional Practices and Innovation. “But cybersecurity leaders cannot singularly focus on AI’s role in security operations. It is imperative that the security function be involved in the development, onboarding and implementation of any AI solution within their enterprise – include existing products that later receive AI capabilities.”
Exploring the Latest AI Developments
In addition to the 2024 State of Cybersecurity survey report findings on AI, ISACA has been developing AI resources to help cybersecurity and other digital trust professionals navigate this transformational technology:
- EU AI Act white paper: Enterprises need to be aware of the timeline and action items involved with the EU AI Act, which puts requirements in place for certain AI systems used in the European Union and bans certain AI uses—most of which will apply beginning 2 August 2026. ISACA’s new white paper, Understanding the EU AI Act: Requirements and Next Steps, recommends some key steps, including instituting audits and traceability, adapting existing cybersecurity and privacy policies and programs, and designating an AI lead who can be tasked with tracking AI tools in use and the enterprise’s broader approach to AI.
- Authentication in the deepfake era: Cybersecurity professionals should be aware of both the advantages and risks of AI-driven adaptive authentication, says new ISACA resource, Examining Authentication in the Deepfake Era. While AI can enhance security by being used in adaptive authentication systems that adapt to each user’s behavior, making it harder for attackers to access, AI systems can also be manipulated through adversarial attacks, are susceptible to bias in AI algorithms, and can come with ethical and privacy concerns. Other developments, including research into integrating AI with quantum computing that could have implications for cybersecurity authentication, should be monitored, according to the paper.
- AI policy considerations: Organisations adopting a generative AI policy can ask themselves a set of key questions to ensure they are covering their bases, according to ISACA’s Considerations for Implementing a Generative Artificial Intelligence Policy—including “Who is impacted by the policy scope?”, “What does good behavior look like, and what are the acceptable terms of use?” and “How will your organisation ensure legal and compliance requirements are met?”
Advancing AI Knowledge and Skills
ISACA also has added to its education and credentialing options to help the professional community keep pace with the changing AI and cybersecurity landscape:
- Machine Learning: Neural Networks, Deep Learning, Large Language Models— ISACA’s latest on-demand AI course, which joins the recent Machine Learning for Business Enablement course, as well as others on topics such as AI essentials, governance, ethics and audit, can be accessed through ISACA’s online portal at the learner’s convenience and offers continuing professional education (CPE) credits. The courses are available at www.isaca.org/ai.
- Certified Cybersecurity Operations Analyst— As emerging technologies like automated systems using AI evolve, the role of the cyber analyst will become more critical in protecting digital ecosystems. ISACA’s upcoming Certified Cybersecurity Operations Analyst certification, launching in Q1 2025, focuses on the technical skills to evaluate threats, identify vulnerabilities, and recommend countermeasures to prevent cyber incidents.