Artificial Intelligence & Machine Learning , Next-Generation Technologies & Secure Development
APAC Security Teams in No Hurry to Embrace Generative AI
Companies Take Wait-and-See Approach to AI-Based Cyber InvestmentsOnly about one-quarter of the top companies in Asia plan to integrate generative AI into their security operations centers, according to a recent IDC report. Organizations are looking for a clear return on investment and tangible cyber risk management benefit before investing in AI, analysts said.
See Also: 5 Myths of AI & Machine Learning Debunked
Citing a recent survey of Asia's top 2,000 companies, global market intelligence firm IDC said organizations that plan to adopt generative AI hope to reduce inefficiencies in existing cybersecurity practices such as third-party risk monitoring, anomaly detection and quantifying cyber risk.
Organizations expect generative AI-enabled technologies to primarily address existing inefficiencies associated with real-time data monitoring, data anonymization, data encryption, data loss prevention and privacy-preserving practices.
Solving these challenges could enable organizations to effectively monitor the ever-increasing volumes of data being generated and processed and adhere to a wide range of data-centric regulations, IDC said.
APAC Companies Slow to Adopt Generative AI
The adoption of generative AI in cybersecurity is slow despite efforts to promote the technology. Big tech firms such as Microsoft have been touting generative AI-enabled technologies as game changers for productivity in the coming years.
In the Asia-Pacific region, several governments have announced dedicated support and incentives to develop sovereign AI-enabled technologies to fulfill many use cases, including cybersecurity. The South Korean government in its 2024 annual budget allocated $582 million toward developing next-generation AI technologies. Singapore has also announced a five-year $740 million investment plan to put in place a trusted and responsible AI ecosystem.
IDC said generative AI holds great potential to revolutionize cybersecurity, especially in the domains of data privacy and security. But it is still at an early stage, and a vast majority of organizations may not invest heavily in the technology now due to financial constraints.
IDC Asia-Pacific research manager Christian Fam said generative AI's use cases in security "are still emerging and maturing, but its trajectory is clearly upward."
He said, "With time, research and innovation, we can expect generative AI to play an increasingly pivotal role in forging trust and fortifying our digital defenses against the evolving threats of the future."
CISOs Wary of Additional Risks
Gartner analysts said the trend is similar in India, although it placed generative AI on the "peak of inflated expectations" in its hype cycle for emerging technologies in 2023.
The firm said during its Security and Risk Management Summit in Mumbai this week that organizations recognize that generative AI has the potential to transform security initiative implementations, but they prefer to take a wait-and-watch approach, considering the risks that accompany AI implementations.
"Generative AI is transforming the cybersecurity market, but there is skepticism among Indian organizations at present," said Abhyuday Data, director analyst at Gartner. "This is because generative AI introduces new attack surfaces requiring changes to application and data security practices and user monitoring."
Once organizations integrate generative AI into their cybersecurity solutions stack, they will have to introduce additional resources to secure the technology itself. According to Gartner, this could lead to more than a 15% incremental spend on application and data security.
Data said it is essential for organizations to conduct proof of concepts before incorporating generative AI into their cybersecurity programs, beginning with application security and security operations.
"A policy for overseeing the introduction of gen AI-based products into the organization must also be established to ensure that all internal teams using this technology understand and adhere to a set of unified policies," he said.