Smaller businesses embrace GenAI, overlook security measures

Organizations are feeling the pressure to rush into generative AI (GenAI) tool usage, despite significant security concerns, according to Zscaler.

More than 900 global IT decision makers, although 89% of organizations consider GenAI tools like ChatGPT to be a potential security risk, 95% are already using them in some guise within their businesses.

GenAI-related security measures

Even more worryingly, 23% of this user group aren’t monitoring the usage at all, and 33% have yet to implement any additional GenAI-related security measures – though many have it on their roadmap. The situation appears particularly pronounced among smaller-sized businesses (500-999 employees), where the same number of organizations are using GenAI tools (95%), but as many as 94% recognize the risk of doing so.

“GenAI tools, including ChatGPT and others, hold immense promise for businesses in terms of speed, innovation, and efficiency,” emphasized Sanjay Kalra, VP Product Management at Zscaler. “However, with the current ambiguity surrounding their security measures, a mere 39% of organizations perceive their adoption as an opportunity rather than a threat. This not only jeopardizes their business and customer data integrity, but also squanders their tremendous potential.”

The driving force behind GenAI usage

The rollout pressure isn’t coming from where people might think, however, with the results suggesting that IT has the ability to regain control of the situation. Despite mainstream awareness, employees do not appear to be the driving force behind current interest and usage – only 5% of respondents said it stemmed from employees. Instead, 59% said usage was being driven by the IT teams directly.

“The fact that IT teams are at the helm should offer a sense of reassurance to business leaders,” Kalra continued. “It signifies that the leadership team has the authority to strategically temper the pace of GenAI adoption and establish a firm hold on its security measures, before its prevalence within their organization advances any further. However, it’s essential to recognize that the window for achieving secure governance is rapidly diminishing.”

With 51% of respondents anticipating a significant increase in the interest of GenAI tools before the end of the year, organizations need to act quickly to close the gap between use and security.

Here are a few steps business leaders can take to ensure GenAI use in their organization is properly secured:

• Implement a holistic zero-trust architecture to authorize only approved AI applications and users.
• Conduct thorough security risk assessments for new AI applications to clearly understand and respond to vulnerabilities.
• Establish a comprehensive logging system for tracking all AI prompts and responses.
• Enable zero trust-powered data loss prevention (DLP) measures for all AI activities to safeguard against data exfiltration.