Penetration testing is now a key component of CISO strategy.

Security leaders are re-evaluating their cybersecurity strategies as digital supply chains grow and Generative AI becomes integral to critical systems. A recent survey by Emerald Research, involving 225 security leaders, revealed that 68% are apprehensive about the risks associated with third-party software and components. While most respondents claim to meet regulatory requirements, 60% acknowledge that attackers are evolving too rapidly to ensure resilience. The report underscores a rising tension between compliance and actual security, with leaders advocating for stronger controls, quicker remediation, and enhanced visibility into emerging AI risks. Many now perceive cybersecurity as a strategic business issue rather than merely a technical concern.

Third-party tools remain the primary worry, but concerns regarding Generative AI are increasing. Nearly half of the respondents express unease about AI-driven features and large language models. Boards are also recognising the importance of this issue, with 68% of security leaders stating that their boards now prioritise the secure deployment of Generative AI. These concerns are substantiated by findings from penetration tests of AI applications, which indicated that 32% had high-risk vulnerabilities, a rate higher than that of other system categories. The complexity of software supply chains, which often include a mix of proprietary code, open-source components, and external services, further exacerbates these concerns. Seventy-three percent of executives reported receiving at least one notification of a supply chain vulnerability or incident in the past year, prompting 83% to face formal requirements for vendor security demonstrations. 

Categories: Cybersecurity Concerns, Third-Party Software Risks, Generative AI Threats 

Tags: Cybersecurity, Digital Supply Chains, Generative AI, Third-Party Software, Compliance, Penetration Testing, Vulnerabilities, Risk Management, Vendor Security, Insider Threats