Intelligent CIO Middle East Issue 111 | Page 47

CIO OPINION

AI will impact CISO’s role and capabilities in years ahead

As 2025 dawns, the CISO must question the status quo and ask themselves how things need to change in the coming year. Is AI a risk that requires a new security strategy? Could it also be the answer to facing down a threat landscape that is scaling up in terms of both volume and stealth capabilities? Would AI play the role of traffic police officer, analyst, auditor, advisor? And what of the human factor? Will AI replace security professionals or augment their efforts?

Consider that AI models consist of open-source and first-party code deployed on premises, in the cloud, or both. Infrastructure, software-pipeline, and supply-chain security practices still apply. So again, the question is, do we really need a complete security rethink?
My recommendation is that security teams proactively address these evolving threats by developing robust threat models and establishing guardrails secure by default solutions. The key challenge lies in balancing the desire for rapid digital transformation with the imperative of safeguarding enterprise assets against potential AI-related abuses.
Over the next five years, we can expect significant improvements in operational and capital efficiency for defenders, as AI continues to automate routine tasks and streamline processes. This will free security practitioners to focus on more complex challenges, particularly those involving irreducible uncertainty situations, where the risk cannot be fully understood through empirical data.
As the deterministic aspects of cybersecurity are automated, the role of experts will increasingly shift toward decision-making in uncertain scenarios. AI will aid in modelling these risks, but the effectiveness of these models will heavily depend on the expertise and assumptions of the security professionals using them.
Measuring risk is a core capability, not a product. As cybersecurity maturity grows, the integration of financial metrics with technical security data will become critical. The industry calls this cyberrisk quantification, CRQ, but I call it cybersecurity risk management. You cannot extract quantitative measurement from the broader domain of cybersecurity risk management, they are one and the same. The good news is that the majority of CISOs will have CRQ capabilities in 2025, in part or integrated into their cybersecurity risk management programs.
The CISO that focuses on economic and operational efficiency will be fast friends with business focused leaders. The modern CISO will see risk management as minimising business impact without breaking the bank. It is that simple in theory. In practice, the CISO must do this in a structured manner that is explainable to business stakeholders and executable by operators, which goes back to measurement as a career skill and core security capability.
Richard Seiersen, Chief Risk Technology Officer, Qualys

UAE organisations often lagging adversary’s AI adoption

The art of cybersecurity continues to be non-holistic among regional businesses. Companies work with point solutions, each geared towards a specific area, such as endpoints or networks. This leads to data silos and an open field for attackers who understand how to decipher their attacks so no one tool can detect a breach. As such, the visibility of the security team is compromised.

In 2025, we expect to see UAE enterprises prioritise vendor consolidation, not only to cut costs but to give the SOC a single pane view of the attack surface.
Cheaper AI has lowered entry hurdles for threat actors. In some cases, this has been done by plugging technical knowledge gaps for attackers; in others, AI has provided more grammatically and aesthetically convincing phishing messages, increasing the likelihood of success in credentials theft. The same tools can be leveraged by potential targets to bolster their cyber defences, but so far, we see UAE organisations often lagging their adversaries’ adoption.
In 2025, we believe this trend will begin to reverse itself, with business and technology leaders collaborating on ways to focus cyber investments where they will have the greatest impact.
Sertan Selcuk, VP METAP and CIS, OPSWAT