96% – That’s the percentage of respondents in Splunk’s latest 2023 CISO Report who stated that they have suffered from a ransomware attack, and more than half (52%) experienced one that significantly impacted their business.
Furthermore, 83% opted to pay their attackers, with more than half having paid at least US$100,000, and every one in 11 paid a staggering US$1 million or more. While all regions reported paying the ransom, the Asia-Pacific (APAC) region was notably more likely to pay US$1 million or more compared to its counterparts.
While paying a ransom may seem like the quick (and sometimes only) fix, there is no honour among thieves as organisations still find it challenging to fully restore their lost capabilities, making it a wildly profitable business for ransomware groups.
Needless to say, digital resilience remains of utmost importance, but with CISOs reporting issues with recruitment and retention, how do organisations then take on this fast-growing and very real threat?
Turning to AI
ChatGPT has been the talk of the town this past year, with virtually every organisation looking into how they can leverage AI. While the cybersecurity space has had a headstart on the rest, adoption is still nascent at this point, and it should continue to be top-of-mind for CISOs.
Most, if not all organisations nowadays are fully reliant on digital systems. Coupled with the ongoing skill shortage in the cybersecurity space, there is an increasing need for more efficient and automated responses to security threats.
As a matter of fact, 86% of CISOs believe that generative AI will alleviate skill and talent gaps on the security team, helping to take over labour- and time-intensive functions.
This makes AI a critical tool for bolstering organisational security and resilience, allowing CISOs to better gain a competitive edge, improve operational efficiency, enhance customer personalisation, and unlock new business growth opportunities.
The latest report also finds that APAC expresses the most hope for AI to be used as a defensive tool, with 24% believing that it would give them an advantage over cybercriminals. It stands to reason then that APAC is most likely to be using generative AI today for cybersecurity.
How businesses can leverage AI effectively
AI makes it easier for teams to detect significant events with its ability to provide contextual understanding through intelligent event summarisation and interpretation, all while accelerating the learning process.
This increases productivity and efficiency as teams are now able to focus on more important things, while AI takes care of the basic, routine tasks.
Moreover, AI enables greater end-to-end visibility for businesses today. For instance, with the implementation of an advanced operational data analytics platform, Singapore Airlines experienced enhanced IT system visibility, achieving over 75% faster issue detection and resulting in 90% fewer backend issues. The airline also improved its ability to closely monitor their systems at scale and in real time.
Similarly, Puma turned to cloud and AIOps monitoring solutions, which enabled them to quickly detect and rectify failed purchases on their system, reducing average issues detection time from hours to a mere 15 minutes.
AI is just part of the equation
While AI’s importance cannot be understated, digital resilience should be a whole-of-organisation strategic objective. Cybersecurity is not just a “tech problem.”
Instead of simply viewing it as a matter of compliance or managing it in individual silos, all key functions of an organisation should come together to enhance digital resilience.
This collaborative, best-practice approach allows organisations to manage and overcome disruptions more effectively. Teams working together can swiftly address issues, prevent major disasters, and adapt to changing environments.
Empowering teams with unified solutions is a necessity in facilitating transformative digitalisation across the whole organisation, and is especially beneficial in times of disruption. In fact, 44% of respondents in the 2023 CISO report saw greater integration between security and IT operations tools and processes, and 40% saw greater knowledge transfer between groups.
Splunk’s 2023 Digital Resilience Report also found that companies are twice as likely to have digital transformation success when their security and IT teams support initiatives to accelerate the release cycle across all products and services, compared to siloed efforts.
Cyber risk is business risk
Digital resilience plays a crucial role in mitigating and minimising the impact of cyberattacks, and if implemented well, can also be instrumental to ensuring swift recovery and help boost revenue. While much has already been done, APAC still has some ways to go when it comes to prioritisation and investment in digital resilience.
Forget trying to build closer relationships with the C-suite, CISOs need to be part of the C-suite. Security is now on par with finance in terms of importance, as security risk has evolved to become just as costly and impactful to share prices as financial risk.