EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
How EY can help
-
Discover how EY's Cybersecurity Transformation solution can help your organization design, deliver, and maintain cybersecurity programs.
Read more
Balancing AI and your people
Striking the right balance between AI-enabled automation and people control will be crucially important for organizations’ accountability to shareholders, boards and regulators. The key for CISOs is to identify the areas where AI-enabled automation is most suited to replace manual processes.
For instance, teams are still producing blueprints for systems to follow, according to Adam Cartwright, CISO at Asahi. “What we'd like is not having to write playbooks in the near future because the AI engine will have the context to understand what an analyst would do in this case and recommend those steps back to us, or even perform them.”
Similarly, Ananthapavan at ANZ Bank stated, “Currently, threat hunting is a manually-intensive process which involves coding and developing scripts, and then running them across our environment. We are looking to automate large parts of that process, to help identify malicious activity and respond faster.”
AI’s impact on retaining cyber talent will also be profound. It will allow employees to focus on more engaging and value-adding work, and to increase their throughput. CISOs report better employee retention thanks to eliminating menial work. It will also allow CISOs to reduce spending on contracting. “It's much easier to implement an AI [use case] than to hire and train and retain staff. It can handle a much greater amount of information in a shorter amount of time,” says one CISO from an Asian-headquartered electronics manufacturer.
CISOs are also eyeing a nascent shift from technical cyber practitioners to AI operators and “fine tuners.” Employees with prompt engineering skills, enabled by the right technology and an AI interface, can do the work of multiple penetration testers.