As the world’s decision-makers scramble to redefine their AI policies, an era-defining question is raised: Where in the virtual world does cybersecurity fit in tomorrow’s AI-enabled Governance, Regulation, and Compliance (GRC) landscape?
It needs to be front and centre, not side-lined in favour of speed or neglected due to a lack of understanding. Cybersecurity and GRC are merging, and despite the growing number of threats and the nigh-ubiquitous digitalisation of our world, many organisations are slow to mobilise the lines of defence needed to protect the clients, customers, and communities they serve. This is particularly true of SMEs (Small and Medium-Sized Enterprises), a reality that the BBC labelled the Achilles’ heel of the US economy.
The Regulation Conundrum
Legislative evolution will likely play a part in improving the situation. As reported by TechCrunch, UK broadband carriers face fines of up to $117,000 per day, or 10% of their sales, for failing to adhere to the cybersecurity rules.
In the US, tighter cybersecurity regulations were revealed earlier this year, largely a result of the increase in attacks from state-sponsored threat actors.
With the passing of a controversial cybercrime law in Jordan, it’s clear that this inherently politicised space will continue to breed global friction as technology improves – digital rights will continue to be questioned, cybercrime will become more accessible, and regulators everywhere will be forced to address what Info Security call ‘a catastrophic cyber event.’
Where does this leave GRC teams?
CNN reported that an estimated 41% of companies are without a CISO (Chief Information Security Officer) succession plan, going on to claim that this leaves businesses exposed to significant risk from cyber-attacks.
CISOs, as CNN notes, are notoriously difficult to replace, as are cybersecurity professionals in general, commonly a result of the glaring skills gap in today’s talent space.
Moreover, there are studies that suggest much of the existing talent base (84% according to one study) is burnt out. We’ve heard it ourselves from a number of calls with cybersecurity veterans from our network, and it’s dampening motivation among the wider community.
What can GRC teams do to close this gap? One of the ways we’ve been able to help teams bridge the divide at Broadgate is by collaborating with our veteran-focused community group, Ex-Military Careers. This creates access to a deep and highly engaged pool of historically hard-to-reach talent, many of whom are not only extensively trained in information security, but also possess the unique skillsets and experiences that veterans bring to the civilian world.
Adopting a train-and-deploy model is another way of revealing new avenues to strengthen the talent pipeline – some reports suggest that there’s a global shortage of around 3.4 million security professionals, less of a gap and more a mighty chasm, one that can be narrowed via the right hiring process.
Train-and-deploy often represents an organisational paradigm shift, i.e., hiring for attitude, training for job-specific technical skills, and deploying to ensure competency. Many companies have made great strides in utilising in-house training academies to help them with this, including Deloitte, Siemens, and Cisco.
Ultimately, the point rests in the ability to open new channels through which to identify, source, and retain cybersecurity talent when traditional methods fail to make the cut.
The Impact of AI
AI has fundamentally transformed the way organisations approach GRC, from the shape and size of their teams to the processes required to enhance their protection against threats. Whether this is the emergence of natural language processing in the finance sector or regulatory changes aimed at mitigating third-party risk, GRC teams will need to pilot their functions with a robust AI strategy to retain their adaptability.
A process for AI adoption must be addressed, and it needs to be upheld by candidates with the right technical and interpersonal skills to make a sustainable, positive impact.
If you’re looking to hire these people, Broadgate is here to help. Our Cybersecurity and GRC specialists have built a global talent network of exceptional candidates through their community-led approach to recruitment. Whether you’re hoping to hire, or you just want to talk about all things business protection and enablement, we’re always up for forming new connections. Contact the team here to find out more, or drop me a message on LinkedIn here, whatever suits you best.