International research institute IDC predicts that by the end of 2024, 25% of Top 2000 Asia (A2000) companies will leverage Generative AI (GenAI) within their Security Operation Centers (SOCs). This integration is designed to bolster analysts’ skills in detecting and responding to cyber threats, significantly improving their efficiency in managing cybersecurity incidents. This move addresses challenges related to hallucinations, bias, privacy concerns, and the reinforcement leaning aspects inherent in GenAI applications. Although GenAI holds promise in enhancing the efficiency of security analysts, analysts are still at the core of security implementation.
As AI and GenAI become focal points, organizations in the Asia/Pacific excluding Japan (APeJ) region are eagerly investigating use cases. Their aim is to enhance operational effectiveness while also addressing risk and privacy issues.
• AI Risk/Compliance: By 2026, 25% of organizations will utilize AI-enabled risk and compliance solutions to continuously monitor data in real-time to predict noncompliance internally or from third-party associations.
• AI-Enhanced Privacy: By 2026, 25% of organizations will utilize AI to enhance data privacy through use of data anonymization, encryption, anomaly detection, and privacy-preserving ML techniques like differential privacy.
• DLP for GenAI: By the end of 2024, 35%of large organizations will have extended their Data Loss Prevention (DLP) deployments to GenAI environments to prevent privacy violations and data breaches.
When AI systems are properly implemented, mundane and repetitive operational tasks are greatly reduced. These systems are particularly adept at scaling to manage the ever-increasing volumes of data being produced and consumed, crucial for upholding of data privacy in this big data era. Furthermore, the risk of non-compliance, fueled by rising cyberattacks and the proliferation of regulations at various governmental and sectoral levels, underscores the need for AI’s advanced analytical capabilities. AI-powered solutions for risk and compliance can effectively sift through vast datasets, facilitating continuous, real-time adherence to regulatory requirements.
Despite AI and GenAI initiatives taking the limelight, aligning IT security investments with business outcomes remains a challenging feat for organizations in the region. Budget shifts, largely directed towards AI and GenAI efforts, necessitate that IT security spending is justified in some manner, maintaining a balance between innovation and security imperatives.
• Cyber-Risk Quant: By 2026, 30% of organizations will use quantification models to attack a dollar figure to cyber-risks and seek vendors with incident response data to calculate probability and dollar amounts.
• Cyber-Risk Platform: By 2026, 20% of organizations will use a proactive cybersecurity platform that aggregates risk exposures to score and prioritize cybersecurity risk in totality instead of one tool at a time.
"Generative AI's use cases in security are still emerging and maturing, but its trajectory is clearly upward. With time, research, and innovation, we can expect Generative AI to play an increasingly pivotal role in forging trust and fortifying our digital defenses against the evolving threats of the future," says Christian Fam, Research Manager, Future of Trust, IDC Asia/Pacific.
