Gartner®
The Impact of Generative AI on Security Behavior and Culture Programs
CybSafe is committed to bringing you the latest research in cybersecurity.
We’re sharing what we believe to be an essential resource, Gartner® The Impact of Generative AI on Security Behavior and Culture Programs.
We believe that this report is indispensable for all security and risk management (SRM) leaders, for instance CISOs, CROs, and anyone who’s interested in strengthening security culture and reduce risk.
Today, threat actors exploit generative AI (GenAI), enabling them to rapidly and continuously adapt their attack tactics. GenAI also makes it far easier for employees across the organization to undertake technology work. What’s more, traditional (or legacy) cybersecurity skills training falls short in addressing modern GenAI risks.
The integration of AI into security behavior and culture program capabilities is not a recent cybersecurity trend. For the past decade, SRM leaders and vendors have incorporated AI elements. What is new, however, is the rapid and pervasive emergence of GenAI.
Many leaders are still in the experimentation phase, exploring the best ways to leverage GenAI within their security training programs.
This research aims to delve into the impact of GenAI on these capabilities, specifically addressing tools and content.
We view this report as full of critical findings and actions that form an accessible way forward for SRM leaders who want to develop robust and adaptable security cultures that are built to last.
Gartner®, The Impact of Generative AI on Security Behavior and Culture Programs, by Alex Michaels, Will Candrick, Richard Addiscott, Andrew Walls, Victoria Cason, 11 November 2024.
Report highlights
“By 2028, the adoption of generative augments will collapse the skills gap, removing the need for specialized education from 50% of entry-level cybersecurity positions.”
“SRM leaders should understand how this technology can be used to improve security training programs, and more importantly, the organization’s overall security culture.”
“Measurable employee behavior change is the primary objective of the vast majority (84%) of training programs; yet, less than half (43%) of programs consistently measure employee behavior. GenAI can improve security training metrics and reporting.”
“Advanced social engineering campaigns utilize GenAI algorithms to automatically deliver microtrainings to employees in real-time, exactly when they are most susceptible to falling for a phishing attempt.”
“GenAI will enable SRM leaders to create hyperpersonalized learning material that speaks to each employee’s unique requirements.”
Source: Gartner®, The Impact of Generative AI on Security Behavior and Culture Programs, by Alex Michaels, Will Candrick, Richard Addiscott, Andrew Walls, Victoria Cason, 11 November 2024.
Disclaimer: GARTNER® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.