Careers
4 ways Australians can use AI to protect data
In the time it takes to read this blog post, one Australian individual or organization will have reported a cybercrime.
The Australian Cyber Security Centre received more than 76,000 reports of crime between July 2021 and June 2022, or one every seven minutes. The average loss per report was $64,000 AUD ($42,387 USD).
Globally, nearly half (46%) of chief information officers and 41% of their C-level peers are concerned their cybersecurity isn’t keeping pace with their digital transformation efforts to protect data, according to research by ServiceNow and ThoughtLab.
EY estimates those numbers are higher in Australia, noting that most companies are struggling to keep up with new security compliance obligations while digitizing their employee and customer experiences.
“Leaders need to change strategically in response,” says Rohit Rao, Asia-Pacific financial services cybersecurity leader at EY. “It’s about building a cybersecurity mindset into the culture—starting in the boardroom and extending throughout the whole business.”
EY’s cyber experts say AI is increasingly seen as an essential tool in organizations’ defensive arsenals. Let’s explore four ways AI can help leaders address security challenges.
1. Use AI to map and minimize risk
Digital transformation has scattered data across departments, legacy systems, and cloud and on-premises infrastructure. Across industries, reliance on outsourced third-party providers has increased dramatically, but accountability still rests with your organization. If you don't have visibility into your data, how can you detect an attack?
“It's not possible for large enterprises to have a 100% airtight environment 100% of the time,” Rao says. “So, the context must be: How swiftly can we identify a breach? How effective are our continuous detection and management processes?”
Automating discovery and assessment of new technologies and vulnerabilities can help you maintain an accurate profile of devices and software that make up your company’s threat surface. Use consistent risk scoring to evaluate diverse systems and prioritize what to respond to.
Include recommended fixes and details in communications between security and outsourced partners who implement updates. Replace uncertainty and delays with precision and continuous improvement.
2. Use AI top build a single view
Siloed organizational structures often mean different departments have no understanding of what other teams are doing—delaying action and increasing risk.
“We’ve entered a new era, where security requires organizational ownership,” Rao says. “It’s no longer the sole responsibility of the cyber folks. Companies that recover quickly view cyber response capabilities as whole-of-business crisis planning—not technical incident management.”
Every case differs, but cross-functional understanding of information flows is key. Identify how and when to engage the board, inform employees, and reach out to customers. Organizations need to assume a breach has occurred and be ready to respond, regardless of severity.
AI can help you share data and tools across teams to improve collaboration and reduce silos. Integrate and enrich data from different systems to improve the quality and relevance of each department’s decisions and actions. Automation makes it easy to gather timely and defensible evidence to satisfy C-level leaders and board governance committee members.
3. Use AI to do more with less
Increased cybersecurity spending can be a tough sell because it’s inherently a future cost-saving measure, not a revenue-increasing one. As security ownership expands across the organization, cyber teams need to partner with business owners to understand how data is being used and where duplication exists. Then they can work together to quantify risk and manage budgets holistically.
“Across industries, we see similar behavior,” Rao says. “Security hygiene factors are frequently ignored in favor of more exciting new tech, so there’s catch-up to do there. At the same time, leaders need to reset the way they view security costs. Security teams must engage with the broader business and bring them into the tent.”
Employing AI can slash workloads by eliminating manual steps. Less grunt work for human analysts frees them to focus on more strategic tasks. Stretch limited resources with automation wherever possible.
Heighten vigilance against threats with continuous monitoring to reveal and reduce the most critical gaps. Automation tools can collect, analyze, and present risks, progress, and trends over time to demonstrate the positive impact of investments.
4. Use AI to do the legwork
With more regulations on the horizon, organizations should be thinking beyond key performance indicators and check boxes. Gathering the right data, synthesizing it, and reporting on it is a complex task. Leaders can't afford to keep growing their reporting or technology teams—or adding more tools.
Rao is encouraged by an increased appetite from leaders to dig into what different obligations mean for all stakeholders. “Delivering a better digital experience inherently brings more risk to the organization,” he says. “But we’re seeing more leaders asking the right questions around protecting the interests of the general public, not just meeting the regulator’s checklist.”
Powered by AI, regulatory change management systems can update frameworks used in compliance monitoring and reporting. Automated monitoring collects and reports compliance data with less effort and fewer spreadsheets.
It’s inevitable that every organization will eventually fall victim to an attack or suffer a data breach. AI offers executives the ability to be proactive, improving response times, reducing recovery costs, and maintaining customer—and employee—trust.
Find out how Australian firms are using AI.
© 2023 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.
