Forging ahead with enterprise AI? Don’t wait to bring in your cybersecurity people

Close to half the world’s cybersecurity professionals, 45%, have zero involvement in projects within their respective enterprises to develop, implement and govern AI solutions. 

The exclusion came to light in a 2024 survey of more than 1,800 of these specialists conducted by the Information Systems Audit and Control Association (better known as ISACA). The largest single respondent block, 45%, hailed from North America.

Publishing the full findings in its latest State of Cybersecurity report, ISACA called the paltry inclusion of cybersecurity professionals “disheartening.”  

In commentary on the report published Jan. 6, Goh Ser Yoong, MBA, head of compliance at Advance.AI and a member of the ISACA Emerging Trends Working Group, builds on the report’s conclusions. 

“The exclusion of cybersecurity teams from AI development and implementation poses significant risks to organizational security, which includes oversight in addressing AI adversarial attacks, data poisoning and breaches, as well as model vulnerabilities,” he writes before adding: 

‘To mitigate these risks and ensure the secure and effective integration of AI, it is imperative to increase awareness, bridge the gap and foster collaboration between cybersecurity teams and other departments, such as AI development teams, products, compliance and even legal.’

With that, Ser Yoong recommends some to-do’s for organizations moving ahead with AI. 

1. Involve your cybersecurity team early.

Early involvement will ensure that security considerations are “embedded into the design, integration and development of AI solutions, minimizing the risk of vulnerabilities and security breaches,” Ser Yoong points out. “There is anticipation from studies by Gartner that agentic AI deployments will be increasing in 2025. Such deployments could be through third-party agents to be readily integrated, though they could be developed in-house too.” More: 

‘Regardless of the approach, a proper third-party risk management process would be required, as well as mature development through methodologies such as development, security and operations (DevSecOps), and these would need to be driven by the cybersecurity team.’

2. Cultivate a cross-functional, collaborative culture.

Organizations do well to foster a culture of collaboration and communication, Ser Yoong notes. “This can be achieved through regular meetings, joint workshops and shared training programs,” he adds. “Cross-functional collaboration will ensure that all teams understand each other’s perspectives, share knowledge and work together to achieve common security goals.”

‘Development methodologies such as DevSecOps also is required to evolve, with machine learning operations (MLOps) being the next potential new culture and practice that unifies machine learning application development with systems deployment and operations.’

3. Encourage upskilling and training. 

Cybersecurity professionals “should be provided with the necessary training and upskilling opportunities to stay abreast of the latest AI developments and security challenges,” Ser Yoong advises. 

‘This will enable them to contribute effectively to AI development and implementation, ensuring that security considerations are addressed throughout the AI lifecycle.’

4. Choose and use AI training data carefully. 

“Organizations should prioritize the proper selection and usage of training data for AI models, including both properly sourced real-world data and the generation of synthetic data,” Ser Yoong states. 

‘This will ensure the development of robust and effective AI solutions while addressing potential biases and privacy concerns.’

5. See the big picture.  

The involvement of cybersecurity teams in AI development “is essential for organizations to harness the full potential of AI while mitigating the associated security risks that it would pose throughout its lifecycle,” Ser Yoong concludes.  

‘In the long run, the goal should still be to maintain the digital trust that organizations have built with their customers.’

Download ISACA’s 2024 State of Cybersecurity report here. Read Goh Ser Yoong’s commentary here.