Despite rising investments in cybersecurity, cyberattacks have become more frequent and destructive. As companies’ operations and interactions with consumers are increasingly digitized, the number of vulnerabilities for hackers to exploit is rising inexorably.
While technologies like AI can help companies identify attacks in progress and make their networks more secure, AI has also been weaponized by cybercriminals to make cyberattacks more sophisticated and difficult to detect.
CISOs have to be capable of making the case to their fellow company leaders that cybersecurity is a worthy investment – particularly at a time when IT budgets are under pressure, data privacy and security regulations are becoming more stringent, and breaches are increasingly costly. This situation offers unique opportunities for companies that are focused on automating cybersecurity and reducing the cost of keeping the company safe. Cyberthreats aren’t going away any time soon, so it’s vital to incentivize cybersecurity with solutions that are cost-effective and successful at repelling attacks.
As laws and regulations become stricter and cyberattacks continue to cause immense financial and reputational harm for companies, the opportunities for cyber-investing abound. This is why Telstra Ventures will continue to support innovative companies that are meeting the surging demand for cybersecurity.
Companies are increasingly aware of the need for robust cybersecurity, and they’ve made substantial investments in their security infrastructure over the past several years. However, cyberattacks have only become more common and crippling over the same period. According to the 2023 IBM Cost of a Data Breach Report, the average cost of a breach reached an all-time high in 2023: $4.45 million.
This status quo is alarming and frustrating for company leaders who have already been spending more on cybersecurity. A 2023 PwC survey found that two-thirds of executives consider cybercrime the most significant threat they face, which demonstrates that progress on cybersecurity has been sluggish. However, company leaders recognize that the persistent threat of cyberattacks is all the more reason to continue focusing on cybersecurity. Forty-six percent say they want to give the CISO more authority to drive collaboration on security next year.
Companies need to take aggressive action to mitigate the cyberthreats they face. The overall number of cyberattacks jumped by 38 percent last year, and cybercriminals are using AI and other next-generation technologies to make these attacks even more effective. These trends show no sign of slowing down, and companies have a responsibility to address them.
As cybercriminals increasingly rely on AI to develop malware and launch more advanced cyberattacks, companies are using AI-powered detection tools to identify and prevent these attacks. The AI arms race will intensify in the coming years, which is yet another reason companies will continue investing in cybersecurity. To fully leverage these investments, CISOs need to make cybersecurity integral to their networks and processes, which means using automation to limit human error and address other susceptibilities.
According to Verizon’s most recent Data Breach Investigations Report, almost three-quarters of successful breaches involve a human element. This is a stark reminder that social engineering – the manipulation of human beings to hijack sensitive information, steal funds, or gain access – is one of the main weapons in the cybercriminal arsenal. AI has the potential to be a potent force multiplier in social engineering attacks. For example, large language models (LLMs) like GPT-4 can help cybercriminals craft convincing, error-free phishing messages that are more likely to attract clicks and downloads. IBM reports that phishing is the most common and second-costliest initial attack vector, and AI is about to make it even more dangerous.
Cybercriminals are also using AI to trawl social media for actionable information and prepare the ground for future attacks. These are just glimpses at how the cyberthreat landscape is shifting, and companies need to be prepared for even more relentless and devious attacks in the future.
CISOs are in a difficult position – they often struggle to generate organizational alignment around the importance of cybersecurity, and they can be held accountable if the company suffers a data breach or some other type of cyberattack. This is why there’s a growing market for cybersecurity resources that can reduce the likelihood of human error and automate security processes. From tighter regulatory oversight to constant cybercriminal escalation, CISOs need all the help they can get.
One of the main challenges for CISOs is how to streamline cybersecurity and do more with less. While some cybersecurity budgets are increasing, 14 percent of CISOs say their budgets have decreased or disappeared entirely. Industry leaders are calling for greater cooperation and intelligence-sharing across the sector, while CEOs and CISOs are working to determine which partners will help them build a more secure IT infrastructure in a cost-effective way. Security teams have to build stakeholder support within their companies, which means investing in cybersecurity automation and other processes that improve a company’s cybersecurity posture without imposing onerous restrictions and demands on the workforce.
Telstra Ventures has a long history of supporting innovators that meet these needs, such as CrowdStrike (a cloud-native cybersecurity platform which had a successful IPO in June 2019) and Zimperium, which offers mobile device and app security. As the need for comprehensive and automated cybersecurity becomes more urgent, we will continue to invest in the companies capable of providing it.