Get in touch

IT decision makers on generative AI and cybersecurity

To label today’s technological landscape as rapidly evolving seems something of an under-statement.

Cybersecurity continues to grow as a paramount concern for organisations worldwide. As tech and other industries witness transformative leaps forward in artificial intelligence (AI) – particularly in generative AI, a term which is nicely explained in a recent TechTarget article – and grapple with the ever-changing cyber threat landscape, IT decision makers are confronted with a dual challenge: to harness the immense potential of AI while safeguarding their organisation.

In mid-2022 we asked members of our Vanson Bourne CommunITy of IT and business professionals to tell us which trends they believe represented the greatest risk to their organisation’s cybersecurity in the coming years. At the top by some distance were the increased frequency of cyberattacks and the continued evolution of the cyber threat landscape. For many organisations, simply staying on top of the attacks they’re aware of is enough of a challenge – never mind having to adapt to ever-changing tactics employed by malicious actors.

Fast forward a year and it is that highlighted evolution which has spawned a rapidly growing risk for organisations: the advancing development and wider use of generative AI.

We recently posed the same question to 100 IT decision makers, with that answer option newly added to reflect current trends. The result? You’ve got it – no surprises, it duly leap-frogged the two leading risks from last year to take first place.

Hype, hope and hesitation

It’s easy to get swept up in the hype around generative AI’s use or misuse, such is its undoubted potential. Seven in ten of our IT decision maker respondents believe it will have the most significant impact on the way that enterprise organisations do business. This belief was also recently expressed by VMware’s President, Sumit Dhawan, in their July 2023 Multi-Cloud Briefing: Generative AI for the Enterprise where he said that the real impact of the technology will be in the enterprise, through the effectiveness and efficiency this will drive across functions and teams.

Digging deeper into our results, that’s the case from the c-level and senior management (70%) to middle and junior levels (76%). It’s also a constantly held view as organisation sizes increase – those in organisations of 1,000-2,999 employees (75%) align with those in ones of 10,000+ (76%).

At this stage it’s difficult to predict generative AI’s true impact or staying power, but early signs certainly appear to point to a more lasting legacy than another recently hyped trend: the metaverse sits well behind it among our respondents, with just 29%.

So, what type of impact on cybersecurity will generative AI have? Which side of the fence do IT decision makers currently sit when it comes to its application? We asked whether they thought the technology would offer more opportunities or more threats to their organisation’s cyber security in the coming years.

Overall – and perhaps encouragingly – our respondents most commonly felt it would bring more opportunities, with 47% in this camp. In this instance, the advertised benefits of generative AI take the form of improved productivity, optimised business processes, enhanced threat detection, among many more.

But what of the others?

Around half that proportion (23%) took the opposite view, considering generative AI to offer more of a threat. Those remaining reported a more balanced perspective or simply admitted they did not know yet.

An intriguing correlation emerges when it comes to organisation size, with the lower end of enterprise more likely to see the opportunities ahead – 56% of those in businesses of 1,000-2,999 compared to 37% of those in 10,000+. There is certainly potential for smaller companies to see generative AI technology as helping them close competitive gaps with their larger peers, given its early promise for augmenting resource and saving time.

So what about improving cybersecurity?

Looking ahead to the next 12 months – what amounts to an eternity in cybersecurity – we asked our ITDM respondents to identify what would be the most effective method to improve their cybersecurity. As you’d expect, there wasn’t a silver bullet, but chief among the answers was the need to invest in cyber training for the general workforce.

If IT security teams didn’t already have enough to keep them busy, from ransomware to phishing, hybrid working to shadow IT, generative AI in the form of readily accessible tools like Chat GPT opens up a whole new attack surface for them to attempt to combat and control. Of course, that is perhaps an immediate threat – and generative AI also offers plenty of potential in terms of its counterattack capabilities.

Talking tactics

So how are organisations approaching their response to countering cyberthreats? What’s their tactical philosophy?

From our respondents, it appears flexibility (65%) is the most common approach, actively employing different tactics in response to different scenarios. A further 17% operate an “all-out defence” approach, constantly at a state of readiness to counter attacks as they occur.

But what of the third way? A growing trend in cybersecurity in recent years has been the push for organisations to go on the offensive more when it comes to protecting themselves, against ever-changing, ever-emerging threats. And coming back to AI’s application in this area, organisations such as CrowdStrike are increasingly promoting its huge potential in real-time threat monitoring, identifying the indicators of an attack before it becomes one.

17% of our respondents said their organisation currently takes an “all-out attack” approach to their cyber defences – one that, with the help of specialist vendors and emerging tools, will surely continue to grow.

Walking a cybersecurity tightrope

While acknowledging the risks posed by advancing generative AI and the evolving cyber threat landscape, it seems many IT decision makers are still optimistic about the transformative potential of AI technologies. The key lies in striking a delicate balance between harnessing AI’s opportunities and mitigating its associated risks. By prioritising workforce training and fostering a culture of cybersecurity awareness, organisations can aim to embrace the promise of AI while safeguarding their most valuable digital assets.

Our July blog – deeper discussions with IT decision makers on Chat-GPT

Discover the findings from our conversations held with our Vanson Bourne Community of IT professionals. We sat down with a selection of UK members across enterprise organisations to explore their personal and professional opinions on generative AI – in particular Chat-GPT.

Building on the results you’ve just read, we explore the key focus areas that lie ahead, the business use cases they envisage and what they perceive to be the future impact on the workforce.


100 IT decision makers from the UK were interviewed in April 2023. All respondents were from organisations in the private sector, with 1,000 or more employees.

Keeping up with emerging trends in technology can be a challenge. Conducting bespoke, high quality market research can help give your organisation the insight edge. Talk to us about your objectives and let’s discuss how research can help you navigate your way in these uncertain times.