Managed security services provider LevelBlue has released research indicating that many Chief Information Officers (CIOs) anticipate an increase in AI-driven cyber attacks in the near future, yet a significantly lower number feel prepared to respond effectively. The report, titled Persona Spotlight: CIO, reveals that 51 percent of CIOs believe AI-powered attacks are likely to occur within the next 12 months, while only one-third express confidence in their organization’s readiness to handle such threats.
The findings highlight a widening gap between the rapid adoption of AI technologies and the maturity of cyber risk management practices within organizations. As CIOs often spearhead the integration of automation and data-driven systems into their operations, these advancements can inadvertently expand attack surfaces and complicate governance frameworks.
The survey underscores the vital role CIOs attribute to AI in business strategy. Approximately 71 percent assert that their adaptable cybersecurity approaches empower the organization to take greater innovation risks. However, confidence wanes when assessing their capabilities against attackers employing AI techniques. Only 20 percent claim to be highly effective in defending against AI-enabled adversaries, a sentiment echoed by the same proportion who feel adept at leveraging AI for cybersecurity enhancement.
As the complexity and volume of threats rise, many CIOs foresee an increased reliance on AI-driven security tools. About 72 percent believe these technologies will be crucial for improving detection and response efforts. This dual role of AI—fostering new digital services while simultaneously facilitating new forms of cybercrime—illustrates a pressing concern among IT leaders, many of whom feel their current security measures are insufficient.
In line with these sentiments, the research indicates a trend toward integrating cybersecurity into broader business transformation initiatives. Nearly half of the CIOs surveyed (49 percent) plan to prioritize the integration of cybersecurity across various lines of business and projects within the next year, a figure that exceeds the average for cross-leadership initiatives.
Engagement at the board level has also emerged as a key focus area, with 39 percent of respondents indicating plans to enhance discussions on cyber resilience within executive circles. Publicized cyber attacks have notably heightened the profile of cybersecurity, with 73 percent of CIOs acknowledging that such incidents have escalated executive-level conversations. Nevertheless, internal challenges persist: 47 percent cited a lack of prioritization from executive leadership concerning cyber resilience as a significant obstacle.
Measurement and alignment issues remain critical. Fewer than half of the respondents reported that their key performance indicators effectively connect cybersecurity efforts to overall business outcomes. Nearly half (49 percent) indicated that their organization’s risk appetite does not align with its cybersecurity risk management strategies.
Investment priorities reflect a commitment to addressing these challenges. The report indicates that CIOs are making moderate to significant investments in both foundational and AI-driven security initiatives. Approximately 80 percent are enhancing cyber resilience processes organization-wide, while 78 percent are prioritizing application security.
AI-specific initiatives are also gaining traction, with 76 percent investing in machine learning for improved threat detection and 70 percent deploying generative AI to combat sophisticated social engineering attacks. The trend suggests a shift towards greater reliance on external support for managing high-impact incidents, with 47 percent planning to collaborate with incident response specialists over the next two years, a notable increase from 23 percent in the previous year.
The appetite for utilizing threat intelligence providers is also on the rise, with 36 percent indicating plans to partner with such organizations in the upcoming two years, compared to 26 percent in the past year. Concerns surrounding software supply chain security are particularly pronounced, as over half of CIOs (56 percent) believe that software supply chain attacks are imminent, yet only 22 percent report having a highly effective perspective on their software supply chain.
Investment in software supply chain security remains robust, with 70 percent of CIOs allocating moderate to significant resources to enhance this area. Interestingly, only 25 percent acknowledged that AI has introduced additional risks to the software supply chain since its adoption.
The report advocates for improved executive alignment, operational discipline, and enhanced visibility across third-party dependencies. It calls for organizations to educate leadership on AI-related risks and opportunities within the realm of cyber resilience and emphasizes the importance of integrating cybersecurity into all business functions. Furthermore, it highlights the value of external expertise for incident preparedness and understanding new threats, along with the necessity of stronger visibility and due diligence in managing software supply chains.
“CIOs sit at the intersection of innovation and risk. AI presents enormous opportunities to drive efficiency and growth, but it also increases adversary sophistication. Organizations that modernize security operations, strengthen supply chain transparency, and align executive priorities will be better positioned to lead confidently in an AI-driven economy,” said Kory Daniels, Chief Security & Trust Officer at LevelBlue.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
