AI, Cybersecurity and Compliance: A Data-Driven Perspective

The Cybersecurity Data You Need To Know

In today’s fast-evolving cybersecurity landscape, it’s no secret that safeguarding sensitive data and critical systems has become more urgent than ever. Over the past year, regulatory actions have intensified, driven by landmark developments such as the SEC’s rules on cybersecurity incident disclosure and the EU’s Cyber Resilience Act (CRA). These regulations address the growing risks of cyber threats and the increasing reliance on digital products. Simultaneously, the race to harness Artificial Intelligence (AI) is heating up, prompting calls for responsible use and increased regulatory scrutiny.

To better understand the impact of these changes on cybersecurity practices and compliance strategies, Swimlane teamed up with Sapio Research, experts in market research for technology. Swimlane surveyed 500 cybersecurity decision-makers at enterprise companies with at least 1,000 employees in the United States and the United Kingdom. 

Continue reading for the key takeaways from the report and download the full report to reveal all of the conclusions: 2024 Regulation vs. Reality: Are the Fed’s Attempts at Wrangling Incident Disclosure Effective? 

Regulatory Changes Drive Strategic Shifts and Budget Increases

The survey revealed that 93% of organizations have rethought their cybersecurity strategy in response to new regulations, with 58% having completely reconsidered their approach. This shift is accompanied by a significant increase in cybersecurity budgets, with 92% of organizations reporting higher allocations. Notably, 36% of these organizations saw budget increases between 20% to 49%, and 23% experienced increases exceeding 50%.

Despite the surge in spending, compliance confidence remains low. Only 40% of respondents believe their organizations have made the necessary investments to fully comply with relevant cybersecurity regulations, while 19% admit to having done very little. This gap highlights the ongoing struggle to keep pace with complex regulatory requirements amidst rising cyber threats and the need for enhanced employee training.

The Impact of SEC Cyber Rules on Corporate Risk Management

The SEC’s new rules on cybersecurity risk management and incident disclosure have had a profound impact. Public companies are now required to disclose significant cyber incidents within four business days and detail their board’s oversight of cybersecurity risks. This regulatory pressure has underscored the importance of having cybersecurity expertise at the board level. Here’s what was found:

• 80% of respondents believe every company board should include at least one member with cybersecurity expertise.
• Among those surveyed, 55% have one board member with such expertise, while 31% have multiple.

The ability to swiftly report security incidents is instrumental to SecOps team’s success. The survey found that 56% of organizations could report incidents to investors, boards, and regulators within 1-2 business days, yet 43% noted an increase in reporting time over the past year, which indicates challenges in maintaining streamlined processes.

A Consensus on AI Regulation

As AI becomes increasingly integral to cybersecurity, its regulation is a pressing concern. Navigating this paradox requires a strategic and vigilant approach to ensure AI-powered tools strengthen defenses rather than introduce new vulnerabilities. 

As AI becomes increasingly integral to cybersecurity, its regulation is a pressing concern. Navigating this paradox requires a strategic and vigilant approach to ensure AI-powered tools strengthen defenses rather than introduce new vulnerabilities. Colorado’s new law, which mandates developers of high-risk AI systems to avoid algorithmic discrimination and disclose information about their systems, highlights the growing regulatory landscape. Despite opposition and reservations from industry groups and Gov. Jared Polis, the law’s passage underscores the importance of proactive measures. 

• 83% of respondents support regulations on AI development and use, reflecting widespread recognition of AI’s potential risks alongside its benefits. 
• 44% of respondents say it’s challenging to find and retain personnel with the right expertise to implement and maintain AI. 

Organizations face several challenges in adopting AI, including balancing data privacy with the need for extensive data analysis, integrating AI solutions with existing systems, and addressing vulnerabilities in AI models. The cybersecurity talent shortage exacerbates these issues, underscoring the need for experienced human oversight in AI deployment.

The Solution: Balanced Human Expertise and Advanced Automation 

The findings from Swimlane’s survey illustrate a landscape where cybersecurity is increasingly seen as a critical component of business continuity. Regulatory pressures and evolving cyber threats are driving strategic shifts and increased investments in cybersecurity. However, the challenges of compliance, talent shortages, and the integration of AI highlight the need for a balanced approach that combines human expertise with advanced security automation tools.

Swimlane’s low-code security automation platform, exemplifies this approach. By utilizing AI-enhanced automation to mitigate routine tasks and enable rapid integration, Swimlane Turbine allows security professionals to focus on complex issues that require human judgment. This not only enhances efficiency but also ensures that organizations remain compliant and resilient in the face of evolving cyber threats.