CIOs and CISOs Seek AI Cybersecurity Guardrails
As AI models proliferate, CIOs and CISOs aim to establish security measures to mitigate risks from unauthorized access, cyberattacks, and data leaks linked to AI deployment. Key questions include vetting AI for security, managing multiple models, and tracking unauthorized AI use within organizations.
EU enacts NIS2, CER, and CRA to enhance cybersecurity. NIS2 updates previous directives, imposing cybersecurity mandates on essential entities, effective January 2023. CER targets physical resilience in 11 sectors, starting January 2023. CRA mandates cybersecurity standards for digital products; effective December 2024, main provisions in December 2027. Non-compliance can lead to hefty fines. Businesses advised to comply with these regulations.
12 strategies for accelerating digital transformation:
https://www.cio.com/article/3846263/12-ways-to-accelerate-digital-transformation.html
EU withdrew proposed AI Liability Directive due to stakeholder disagreement and regulatory simplification demands; aimed to unify protection for AI-related harm. Shift in focus towards future regulatory approaches on AI liability expected.
https://www.twobirds.com/en/insights/2025/proposed-eu-ai-liability-rules-withdrawn
EU's draft AI Code of Practice criticized by rightsholders as it undermines copyright protections, with calls for substantial improvements before approval.
EU's AI Act aims to regulate AI, balancing innovation with ethical concerns. Key points include a ban on high-risk AI by February 2025 and a code of practice by May 2025. Implementation begins August 1, 2026. Issues arise over definitions of high-risk systems, transparency, accountability, and copyright gaps. Compliance challenges noted, especially in protecting minors and enforcing regulations. Organizations should prepare for compliance despite uncertainties. AI Act shows potential for significant impact amid ongoing debates and complexities in legislation.
TLDR: Industrial Cybersecurity Market 2025 highlights need for cyber risk quantification, AI adoption, and operational resilience. Organizations face rising insurance costs amid sophisticated threats, prompting a shift to proactive risk management and collaboration between IT and OT. “Secure by Design” principles are crucial for safety and trust. Workforce development is essential for combating skill gaps. Cyber resilience, especially in response to ransomware and supply chain threats, now demands integrated strategies to maintain operational continuity and meet strong regulatory compliance.
65% of organizations lack control over data in GenAI apps; 98% report BYOD policy violations; 64% of encrypted traffic is uninspected. The browser, central to modern work, faces risks from unmanaged devices and SaaS applications. 95% experienced browser-based attacks, while significant security gaps persist despite investments. Key solutions: secure browsers enhance protection and visibility, while Secure Access Service Edge (SASE) integrates security frameworks to support hybrid work without compromising user experience.
https://www.cybersecuritydive.com/spons/is-your-browser-ground-zero-for-cyber-attacks/740364/
UK public sector's digital transformation without cybersecurity poses significant risks, increasing vulnerabilities to citizen data and essential services from AI-driven tools and third-party providers. Noteworthy threats include supply chain breaches, automated cyberattacks, and state-sponsored attacks, emphasizing the need for robust cybersecurity measures, continuous monitoring, and employee training to safeguard public trust and national security.
TLDR: EDPB launching 2025 Coordinated Enforcement Framework focusing on ‘Right to Erasure' under GDPR, engaging 32 European DPAs. Organizations face intensified scrutiny on compliance, needing to improve erasure request processes and overall GDPR compliance to mitigate risk.
