Gartner predicts that 50% of all enterprise cybersecurity incident response efforts will be focused on incidents involving custom-built AI-driven applications by 2028, underscoring the urgent need for CISOs in Asia to enhance their strategies in light of the rapid adoption of AI technologies.
Christopher Mixter, VP analyst at Gartner, highlighted that “AI is evolving quickly,” but many organisations deploy custom-built AI applications before they are fully tested. This creates significant complexities in securing these systems over time.
“Most security teams still lack clear processes for handling AI-related incidents,” he noted, indicating that such inadequacies can delay incident resolution and increase overall effort.
Gartner's insights suggest that security leaders should become involved early in AI application projects to allocate appropriate resources and establish robust security protocols. This proactive approach is particularly relevant for CISOs in Asia, where regulatory environments are becoming increasingly stringent, especially regarding AI usage.
The report underscores that by 2028, over 50% of enterprises are expected to employ AI security platforms to secure third-party service usage and protect custom-built applications. These platforms enable organisations to manage risks associated with rapid AI adoption—such as prompt injection and data misuse—by centralising visibility and control.
“CISOs must evaluate AI security platforms to ensure they can adequately secure both third-party and custom applications,” Gartner emphasises.
Furthermore, manual compliance processes are projected to expose 75% of regulated organisations to fines exceeding 5% of their global revenue by 2027. Gartner stresses the importance of establishing cyber governance, risk and compliance mechanisms, advocating for the integration of compliance through technology to manage these growing challenges.
The predictions also emphasise the necessity for organisations to address the “AI data debt” that hampers AI readiness. Poorly secured and unstructured data poses a significant barrier, compelling cybersecurity leaders to collaborate with data analytics specialists to enhance data access control and discovery.
As geopolitical tensions escalate, 30% of organisations will need to ensure comprehensive sovereignty of their cloud security controls by 2027. This necessitates a strategic shift in vendor selection for cloud services and highlights the critical role of CISOs in defining organisational sovereignty requirements.
As the cybersecurity landscape continues to evolve, CISOs in Asia must adapt their strategies to effectively manage AI-related risks while maintaining compliance with regulatory mandates.
