Nearly 60% of senior technology managers said they would adopt emerging technologies, such as artificial intelligence (AI), blockchain, cloud, edge and quantum computing, Internet of Things (IoT), and robotics, for improved cybersecurity.
The new research from ISACA also shows 73% or respondents cited anticipated cost savings as a driver for adopting these emerging technologies.
ISACA's "The Pulse: Emerging Technology 2021" report focuses on 13 emerging technologies. Some 53% of respondents said they run cloud-enabled technologies, while the other categories trailed far behind. For example, 22% deploy AI, 21%, deploy IoT, and 20% deploy robotics.
Cost savings will loom large in the C-suite for some time, especially as it pertains to stockholders, says Dustin Brewer, ISACA’s senior director of emerging technologies and innovation. While he sees cybersecurity shifting to become a bigger part of enterprises' budget, it will fall on security teams to convince board members that spending on cyber is the right thing to do.
“We have to bring every employee, every endpoint on the network into the conversation on how cyber will save money because if we don’t have to pay a $4 million ransom to an entity that put ransomware on our computers, then that saves us $4 million,” Brewer says.
Source: "The Pulse: Emerging Technology 2021" report, ISACA
ISACA's study also found 82% of respondents are at least somewhat concerned about the ability of their current infrastructure to safeguard emerging technologies. In regard to AI and machine learning (ML) systems, 46% said they are only somewhat confident in their enterprises' ability to assess the security of these systems, 28% said they are extremely or very confident, and 26% said they are not confident. When asked about security concerns related to quantum computing, 68% said quantum computing will likely break encryption standards within the next five to seven years.
Survey respondents sent somewhat of a mixed message about deploying emerging technologies: While the vast majority said they would do so because it would improve cybersecurity, 44% also said cybersecurity risk would contribute to their overall resistance to deploying the new technology. In addition, 72% said they are concerned that emerging technologies would cost too much.
Much of this comes back to the need for security pros to convince the board to focus more on cyber, Brewer says. But he points out that all the technologies covered in the study, with the exception of quantum computing, are all classical computing technologies built on the same systems the industry has used since the 1970s.
“When the Internet was created, it wasn’t built with security in mind. It was built for communications and data sharing,” Brewer says. "Every time we build something new, we are building on an insecure infrastructure. And while we are creating new protocols like HTTPS, every time you plug in a new system, your network gets bigger, and that’s one thing you have to secure. So if you introduce AI and machine learning, that adds more complexity and cyber-risk.”
Frank Dickson, program vice president with IDC’s cybersecurity products research practice, notes that whether new devices make a network vulnerable just depends on the technology and the company’s environment. In some environments, he says, emerging technologies may replace devices with old and antiquated operating systems that are incredibly vulnerable. Emerging technologies today are built with much greater attention to the cyber integrity of the device, he says. In contrast, some technologies may skip steps to capture first-mover advantages in the market, not slowing to consider security.
“Realistically, whether we are concerned or not, emerging technologies will happen,” Dickson said. “Some 50% of IT spend is now made by line-of-business buyers in the name of digital transformation. Get on the train or get run over by the train; digital transformation does not mind. Emerging technologies will happen though.”Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md. View Full Bio