That’s the question raised by a new report that discusses the good & bad regarding the relationship of generative AI and cybersecurity.

The fourth edition of Deep Instinct’s Voice of SecOps Report (titled Generative AI and Cybersecurity: Bright Future or Business Battleground? and available here), was released last week. The research was conducted by Sapio Research and surveyed over 650 senior security operations professionals in the US, including CISOs and CIOs.

The study highlights the impact of generative AI in the cybersecurity industry, analyzing the technology’s positive and negative effect on organizations’ security postures and preparedness.

According to the study, 69% of respondents have already adopted generative AI tools within their organization, with the highest adoption taking place (80%) within the finance sector. Nearly three fourths (70%) of security professionals say generative AI is positively impacting employee productivity and collaboration, with 63% stating the technology has also improved employee morale. That’s the good.

However, senior security professionals also view generative AI as a disruptive cybersecurity threat, with nearly half (46%) of respondents believing generative AI will increase their organization’s vulnerability to attacks. The top three generative AI threat issues include growing privacy concerns (39%); undetectable phishing attacks (37%); and an increase in the volume and velocity of attacks (33%). 86% of cybersecurity professionals who have experienced an increase in attacks over the past twelve months believe it’s likely due to bad actors using generative AI. That’s the bad.

The technology has already been repurposed by bad actors as evidenced by WormGPT, a new generative AI tool advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise attacks.

Four other notable stats from the 23-page report:

• 46% of respondents say that ransomware is the greatest threat to their organization’s data security.
• 62% of respondents say that ransomware is the number one C-suite concern, up from 44% in 2022.
• 47% of respondents now have a policy to pay the ransom, versus 34% in 2022.
• As a result, 42% of respondents paid for the return of their data over the past year – up from 32% in 2022.

One of the potential issues I’ve read about is the ability for cybercriminals to use generative AI to find and exploit zero-day vulnerabilities like the MOVEit Transfer vulnerability identified back in May (which I covered here and here). I haven’t seen a direct correlation identified yet between MOVEit and the use of genAI, but I could see it as a possibility – the latest totals of victim organizations is over 1,000 and the total number of individuals affected is 60,144,069! Both numbers are still likely to go up.

On the flip side, the potential positive relationship between generative AI and cybersecurity is for organizations to use the technology to identify and address those vulnerabilities before the criminals do, which could be the biggest reason for organizations to embrace generative AI yet. Let the race begin!

So, what do you think? Do you think the relationship between generative AI and cybersecurity is a good thing or a bad thing for organizations? Please share any comments you might have or if you’d like to know more about a particular topic.

Image created using Microsoft Bing’s Image Creator Powered by DALL-E, using the term “generative ai AND cybercrime”.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.