Latest news with #JamieNorton
Techday NZ
26-06-2025
- Business
- Techday NZ
Organisations lag in AI policies & skills as workplace use surges
A new survey has found that while artificial intelligence use is widespread in workplaces, most organisations are unprepared to address associated risks due to a lack of formal policies and training. ISACA's annual AI Pulse Poll, which surveyed 3,029 digital trust professionals across the globe, revealed that 81 percent of respondents believe employees at their organisation use AI, regardless of whether it is officially permitted. Despite this high adoption rate, only 28 percent of organisations have a formal AI policy in place. According to the research, 22 percent of organisations provide AI training to all staff. In contrast, almost one third of organisations provide no AI training at all, while 35 percent restrict training to IT-related roles. Most digital trust professionals view this skills gap as pressing, with 89 percent saying they will need AI training within the next two years to retain or advance their careers, and 45 percent indicating it will be required within six months. Jamie Norton, Board Director at ISACA, highlighted that the integration of AI tools at work is outpacing the development of organisational oversight and policy. He pointed to growing risks from sophisticated threats, such as deepfakes, that organisations are not sufficiently prepared to counter. AI is already embedded in daily workflows, but ISACA's poll confirms governance, policy and risk oversight are significantly lacking. A security workforce skilled in AI is absolutely critical to tackling the wide range of risks AI brings, from misinformation and deepfakes to data misuse. AI isn't just a technical tool, it's changing how decisions are made, how data is used and how people interact with information. Leaders must act now to establish the frameworks, safeguards and training needed to support responsible AI use. The survey found that while AI is delivering tangible benefits—68 percent report time savings and 56 percent expect a positive impact on their career in the next year—organisations lag in implementing comprehensive frameworks. Only 28 percent have a formal AI policy, although this figure is up from 15 percent last year. Similarly, 59 percent permit the use of generative AI, up from 42 percent in the previous year. Respondents are employing AI for a variety of functions: 52 percent to create written content, 51 percent to boost productivity, 40 percent to automate repetitive tasks, 38 percent for analysing large data volumes, and 33 percent in customer service roles. Despite these applications, understanding of AI remains limited. Over half (56 percent) consider themselves somewhat familiar with the technology, 28 percent very familiar, and only 6 percent extremely familiar. Concerns about the risks associated with AI are significant. Sixty-one percent report being very or extremely concerned about generative AI being exploited by malicious actors. Fifty-nine percent believe AI-powered phishing and social engineering attacks have become harder to detect, and 66 percent expect deepfake attacks to become more sophisticated within the next year. Despite these risks, only 21 percent of organisations are investing in detection or mitigation tools for deepfakes. Questions also remain around organisations' ability to manage the ethical aspects of AI. Forty-one percent think ethical issues such as privacy, bias, and accountability are being addressed adequately, while just 30 percent express high confidence in their organisations' ability to detect AI-related misinformation. For many organisations, AI risks are still not a top-level priority. Only 42 percent view them as an immediate concern. The top cited risks include misinformation or disinformation (80 percent), privacy violations (69 percent), social engineering (63 percent), loss of intellectual property (53 percent), and job displacement (40 percent). Jason Lau, ISACA Board Director and Chief Information Security Officer at commented on the need for continuous learning and updated AI policies. Enterprises urgently need to foster a culture of continuous learning and prioritise robust AI policies and training in AI, to ensure they are equipping their employees with the necessary expertise to leverage these technologies responsibly and effectively—unlocking the AI's full potential. It is just as important for organisations to make a deliberate shift to integrate AI into their security strategies—threat actors already are doing so, and failing to keep pace will expose organisations to escalating risks. The survey indicates that organisations are recognising the need for more AI skills: nearly a third expect to increase jobs for AI-related functions within the next year. Additionally, 85 percent believe many roles will be modified because of AI, while 84 percent rate their own expertise as beginner or intermediate. Seventy-two percent of respondents say AI skills are very or extremely important for professionals in their field at present. The findings suggest organisations must address the skills gap and integrate AI risk management into their broader security and governance strategies if they are to respond to the challenges of expanding AI adoption in the workplace.
Techday NZ
30-04-2025
- Business
- Techday NZ
Majority unprepared for quantum computing's security risks
Most organisations remain unprepared for the security and business implications of quantum computing, despite growing concerns among professionals about the potential risks it poses to current encryption methods, according to recent research from ISACA. The ISACA Quantum Computing Pulse Poll, which surveyed more than 2,600 professionals in fields such as digital trust, cybersecurity, IT audit, governance and risk, found that while awareness of quantum computing's transformative potential is increasing, concrete planning and readiness measures are largely absent from organisational agendas. According to the poll, 62% of technology and cybersecurity professionals are concerned that quantum computing could break today's internet encryption, raising the possibility of vulnerabilities in digital signatures, websites, utilities and medical records. However, just 5% of respondents said that their organisation considers quantum computing a high priority for near-term planning, and only 5% report having a defined strategy for it. Jamie Norton, ISACA Board Director, highlighted the accelerating pace of quantum computing and the significant implications for sectors that handle large volumes of sensitive data. He said, "Too many Australian and New Zealand organisations remain in reactive mode and underestimate quantum computing's potential to break existing encryption. Now is the time to assess whether you have the expertise to implement post-quantum cryptography solutions and start building internal capability. This is essential to mitigate its impact and protect sensitive data, maintain customer trust and ensure long-term business resilience." The research underscores that many see potential for quantum technology to drive major advancements. Sixty-three percent of respondents expect quantum computing to significantly speed up computational tasks or data analysis, and 46% anticipate that it will lead to revolutionary innovation. Nearly half (48%) are optimistic about the impact quantum computing could have within their sector. At the same time, respondents are alert to new risks, with 63% saying quantum computing will increase or shift cybersecurity risks. More than half (57%) believe it will create new business risks, 52% expect that it will change the skill sets required by businesses, and 50% foresee challenges around regulation and compliance. Among participants from Oceania, concern was even higher across all these areas by at least 10 percentage points. A total of 62% of respondents expressed concern that quantum computing could break current internet encryption before new, quantum-resistant algorithms have been fully implemented. More than half (56%) cited fears around the so-called "harvest now, decrypt later" threat, whereby data is stolen now with the intention of decrypting it using quantum computers in the future. Despite a quarter of poll respondents believing that quantum computing will have an industry-wide impact within five years, and 39% saying they expect it in six to ten years, many organisations are taking a wait-and-see approach. Forty-one percent report no plans to address quantum computing at this time and 40% are not aware of their company's intentions regarding quantum issues. When questioned on the role of quantum computing in their current technology strategies, only 15% indicated it was on a long-term roadmap, while 19% had discussed it in some form but made no formal plans, and 37% had not discussed it at all. Nearly a quarter (24%) were unsure of their organisation's view on the matter. The poll findings also point to significant knowledge gaps. Only 7% of respondents claimed to have a strong understanding of the new post-quantum cryptography standards developed by the US National Institute of Standards and Technology (NIST), while 44% said they had never heard of them. Many organisations have yet to take decisive action to prepare for quantum computing. More than half (55%) have not started any preparatory steps. Of those that have, actions cited include: assessing regulatory or compliance implications (46%); exploring quantum-safe cryptography (38%); collaborating with quantum hardware or software providers (28%); training staff (27%); and investing in research and proof-of-concept initiatives (27%). The poll also found that 30% of global cyber and IT professionals do not feel they have a good understanding of quantum computing's capabilities, highlighting the need for training and skills development in this area. Rob Clyde, chairman, Crypto Quantique, and past ISACA board chair, advised that organisations begin preparing now. He said, "Start by 1) identifying where encrypted data are stored and devices that use encryption, 2) developing a plan to transition to post-quantum cryptography prioritising critical data and systems, and 3) continuously monitoring for updated software and firmware with post-quantum cryptography. Waiting until quantum computing is here is too late, especially given today's harvest-now, decrypt-later threat."
Business Wire
28-04-2025
- Business
- Business Wire
Despite Rising Concerns, 95% of Organizations Lack a Quantum Computing Roadmap, ISACA Finds
SCHAUMBURG, Ill.--(BUSINESS WIRE)--While 62 percent of technology and cybersecurity professionals are worried that quantum computing will break today's internet encryption, only 5 percent say it's a high priority for the near future, and just 5 percent say their organizations have a defined quantum computing strategy, according to new research from ISACA's global Quantum Computing Pulse Poll. Despite rising concerns, 95% of organizations lack a quantum computing roadmap, ISACA finds. Share More than 2,600 global professionals in digital trust, cybersecurity, IT audit, governance and risk were surveyed in this inaugural ISACA poll on the perceptions and preparations around quantum computing. Potential for both transformation and risk Quantum computing has revolutionary potential; however, there are also clear concerns about the risks it presents. Nearly half (48 percent) are very or somewhat optimistic about quantum computing's impact in their sector/industry, 63 percent believe it will speed up computational tasks or data analysis significantly, and 46 percent say it will create revolutionary innovations. However, many anticipated outcomes of quantum require significant preparation. Sixty-three percent say quantum will increase or shift cybersecurity risks and 57 percent say it will create new business risks. Poll respondents (62 percent) are worried about quantum computing breaking today's internet encryption before browsers and websites fully implement the new post quantum cryptography algorithms approved by National Institute of Standards and Technology (NIST) standards. They are also focused on the potential for cybercriminals to start collecting encrypted data now and decrypt it once quantum computing becomes viable—with 56 percent citing the practice, known as 'harvest now, decrypt later,' as a concern. 'Many organizations underestimate the rapid advancement of quantum computing and its potential to break existing encryption,' says Jamie Norton, ISACA board director. 'They need to start examining whether they have the expertise to implement post-quantum cryptography solutions now, to ensure they are able to effectively mitigate its impacts.' Despite expected impacts, planning continues at a slow pace It appears many organizations have not yet mobilized to prepare for these coming changes. Forty percent are not aware of their company's plans, and 41 percent say they do not plan to address quantum computing at this time—even though 25 percent believe that the transformative potential of quantum computing will be realized on an industry-wide scale within the next five years, and 39 percent feel it will happen in six to 10 years. When asked about how their organization views quantum computing within its current technology or innovation strategy: 5 percent consider it a high priority for near-term planning 15 percent say it is on their long-term roadmap but not a near-term priority 19 percent say they have discussed it but not made any formal plans 37 percent have not discussed quantum computing at all 24 percent don't know Additionally, only 7 percent of the poll respondents say they have a strong understanding of the new NIST standards, even though NIST has been working on them for more than 10 years. Forty-four percent admit they have never heard of them. Taking action, prioritizing quantum skills More than half (55 percent) of enterprises have not taken steps to prepare for quantum computing. Additionally, a third of global cyber and IT professionals (30 percent) do not have a good understanding of the capabilities of quantum computing, indicating there is work to do to upskill and educate those working in the IT sector to have a skilled workforce ready for the advent of quantum. Rob Clyde, chairman, Crypto Quantique, and past ISACA board chair, notes that digital trust professionals should educate stakeholders about quantum computing risks and the urgent need for post-quantum solutions. 'Start by 1) identifying where encrypted data are stored and devices that use encryption, 2) developing a plan to transition to post-quantum cryptography prioritizing critical data and systems, and 3) continuously monitoring for updated software and firmware with post-quantum cryptography,' said Clyde, who is presenting on this topic at the ISACA North America Conference in May. 'Waiting until quantum computing is here is too late, especially given today's harvest-now, decrypt-later threat.' Learn more about ISACA'S Quantum Computing Pulse Poll at About ISACA For more than 55 years, ISACA ® ( has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.
