AI/ML, AI benefits/risks, Identity

Executives bullish about AI capabilities, but worry about data privacy and security

Share
AI, Artificial Intelligence concept,3d rendering

Technology-focused executives across the world are remarkably optimistic and bullish about artificial intelligence, according to the results of a new survey conducted on behalf of identity and access management provider Okta.

Almost all the executives surveyed said AI was already being used in their organizations to automate processes, analyze data, process natural language, write code and generate content. Looking forward, the executives expect AI in the near future to help boost security, efficiency and innovation.

However, they are concerned about the risks AI poses to data privacy, security, and compliance, and worry about ethical and bias considerations.

"When it comes to AI becoming a bigger part of daily life, 46% of executives say they feel equal parts concern and excitement," wrote the authors of the survey report. "When combined with the 44% of executives whose excitement outweighs their concern, the data indicates many executives see some benefit from AI's increased prevalence."

A surprisingly rosy outlook

A whopping 89% of the 125 CISOs, CTOs, CIOs and CSOs surveyed said that AI was a "positive" or "very positive" force in the world. Only 2% considered AI to be a negative force.

The most glowing assessments came from executives in Europe, the Middle East and Africa (EMEA), where 39% of respondents had a very positive view. Poll respondents in North and South America (AMER) and the Asia-Pacific region (APAC) were slightly less bullish, with 29% and 27% considering AI to be very positive.

Likewise, 92% of respondents felt "confident" or "very confident" when making decisions about AI in their organizations. The respondents were extremely confident about their own understanding of AI, with 51% describing their levels of AI knowledge as "expert" or "advanced," equivalent to having graduate degrees in computer science or having experience implementing AI models from scratch.

Forty-three percent of respondents said their levels of AI understanding was "intermediate" — familiar with the technical aspects of AI — leaving only 6% who called themselves "novices" at using AI.

Among the executives surveyed, 30% were in the technology sector, 14% in finance or banking and 11% in professional services. The manufacturing sector and the healthcare and pharmaceuticals sector each employed 8% of the respondents.

Asked to comment on what it takes to successfully adopt and integrate AI, survey respondents offered some advice.

"Proceeding with caution and level-setting expectations early on," said a CIO/CISO in the technology sector in the Americas. "New tech can be dangerous if not adopted appropriately, and company secrets, drift, and hallucinations need to be high on the list of concerns."

"A focus on risk identification, mitigation, and management is needed to ensure that AI adoption works within the boundaries of acceptable risk," said a CIO in the Asia-Pacific healthcare and pharmaceuticals sector. "Secondly, a realistic set of expectations and appropriate metrics for measuring progress and performance are needed."

What AI is being used for today

Fifty-five percent of the respondents said that at the time of the survey in January 2024, AI was already being used on a "widespread" or "moderate" basis at their own organizations. Only 34% characterized their organizations' AI use as "limited," with 2% reporting no AI use at all.

"Most executives who see their organizations having moderate to widespread adoption of AI are from the technology industry, followed by finance and banking and professional services," says the report.

Nearly three-quarters (72%) of respondents said their organizations were using AI for automation and process optimization, and more than three in five (62%) said AI was helping with predictive analysis and forecasting.

Natural language processing and understanding (56%), coding and software development (56%), and content generation and creativity (54%) were other widespread uses for AI.

However, there was some regional variation. Respondents in the Americas said that natural language processing was their organizations' top use case for AI, possibly reflecting the dominance of English and Spanish across the region. Use cases also seemed to differ with regard to a survey respondent's executive role.

"Overall, CIOs report fewer unique use cases at their organizations than CTOs and CISOs," says the report, "notably focusing their efforts on coding and software development, personalized recommendations, and computer vision and analysis."

The respondents were also asked specifically about their use of AI for security and for consumer-facing offerings.

Seventy-one percent said AI was being used "to some degree" for security, with 59% considering their AI security use as "moderate." Consumer-facing offerings had a higher uptake, with 85% of respondents affirming their use of AI in that respect, 72% characterizing their use as "moderate" or "extensive."

How executives plan to use AI in the near future

Asked about their priorities for AI in the next 12 months, a sizeable majority (70%) of respondents said they planned to use AI to improve security and threat detection, and nearly as many (69%) cited optimizing organizational efficiencies. These were followed closely by enhancing innovation and product development (63%) and automating tasks (59%). 

There was some slight regional variation. Improving security and threat detection was tops in APAC and the Americas, while optimizing organizational efficiencies led in EMEA. Again, there was a bit of difference among the executive roles.

"CISOs' priorities largely involve improving security and threat detection, whereas CIOs are most focused on optimizing organizational efficiencies," said the report. "Meanwhile, CTOs show a preference for enhancing innovation and product development."

The rankings were almost identical when the respondents were asked to select only one priority rather than several. Security still came out on top (30%), with efficiency (26%), innovation (21%) and automation (10%) following.

These findings fit well with what the respondents said when asked about their strategic priorities overall, regardless of whether AI was involved. A plurality of respondents (42%) cited security as their top priority, while roughly equal numbers (22%, 18% and 18%) named operational efficiency, innovation and speed to market as their No. 1 priorities.

Interestingly, about the same proportions (31% and 29%) named operational efficiency and innovation as their second priorities. Innovation was the third-most important strategic priority for a plurality (38%) of respondents, while speed to market dominated the No. 4 slot with a 46% share.

"Executive groups show a preference for different strategic priorities: security for CSOs/CISOs, speed to market for CTOs, and operational efficiency for CIOs," notes the report.

"Leaders at larger companies tend to rank security as their most important strategic priority," it adds. "Executives at businesses with fewer than 500 employees distribute their priorities more evenly among operational efficiency, innovation, and speed to market."

AI risks and concerns

Despite their overall optimism and confidence about AI, the executives surveyed still have concerns, if not doubts.

Seventy-four percent said they were worried about AI's impact on data privacy, while nearly as many (71%) cited security risks. Further down the list of concerns were regulatory compliance and governance (cited by 40%) and ethical and bias implications (38%).

Thirty-one percent worried about lack of transparency in how AI generated outputs, and 23% were concerned about their own workforces' understanding of AI. Only 6% were troubled by the potential job displacement AI might bring.

The report noted that CISOs seemed especially worried about regulatory compliance, while CIOs fretted about workforce understanding of AI. Overall, one specific worry was that generative AI would lead to a higher success rate for phishing attacks.

Nonetheless, the respondents were confident that AI would not have a negative impact on security at their organizations. Only 11% said they were "extremely concerned" about that possibility, with 62% indicating only slight or moderate concern.

A slightly smaller majority (54%) said their organizations were "somewhat prepared" to defend themselves against AI-powered threats, and only 17% deemed themselves "somewhat unprepared" or "very unprepared."

Regionally, 67% of EMEA respondents felt "very prepared" or "somewhat prepared," but only 50% of APAC and 58% of AMER respondents did.

"As always, it's the unknown: How are threat actors deviously planning to leverage AI against us? It is a very powerful tool for good as well as for bad," one CISO/CSO who worked in the technology sector in the Americas said.

The Okta report offers three recommendations for safe, smooth implementation of AI: internal security enhancements to proactively mitigate potential AI-spawned threats and risks; collaboration among industry peers and regulatory entities to share knowledge and experience; and emphasis upon employee education regarding AI-usage best practices.

"Leaders must make critical decisions about when, how, and to what degree to use AI — even as the technology itself is rapidly changing," concludes the report.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.