• United States



UK Editor

Generative AI could erode customer trust, half of business leaders say

Nov 08, 20234 mins
ComplianceCSO and CISOGenerative AI

Businesses leaders admit their company needs to improve security and compliance measures as demands of customers, investors, and suppliers increase.

Two business men partners during meeting in office. Negative attitude to applicant, bad first impression, hr manager looking at candidature with distrust, unsuccessful, failed job interview concept
Credit: fizkes / Shutterstock

Over two-thirds of businesses leaders say their company needs to improve security and compliance measures with a quarter rating their organization's security and compliance strategy as reactive. That's according to the Vanta State of Trust Report which surveyed the behaviors and attitudes of 2,500 business leaders across Australia, France, Germany, the UK, and US to understand the challenges and opportunities they're facing when it comes to security and trust management.

The research found that the rapid rise of generative AI and expansion of the attack surface, combined with shrinking teams and budgets, are fueling an urgent need for companies to improve - and prove - their security posture to maintain customer trust. Compounding the urgency is ever-evolving global regulation and the growing need to comply with an increasing number of standards. However, AI adoption is making secure data management more challenging with generative AI having the potential to erode trust, according to the report.

Without proper guardrails, the industry recognizes the inherent risks of using generative AI, including limited transparency into decision-making due to the vast number of weighted data points that large language models (LLMs) use, it added. As a result, 54% of the businesses leaders Vanta polled said AI regulation would make them more comfortable investing in it. Separate research from cybersecurity firm RiverSafe found that 95% of security leaders want the same in relation to AI cybersecurity. The report, titled AI Unleashed: Navigating Cyber Risks, revealed the attitudes of 250 cybersecurity leaders towards the impact of AI on cybersecurity.

Security and compliance strategies create stronger customer trust

Two-thirds of those surveyed said that customers, investors, and suppliers are increasingly looking for proof of security and compliance. Almost three-quarters (70%) of respondents said that a better security and compliance strategy positively impacts their businesses thanks to stronger customer trust, while 72% agreed that a better security and compliance strategy would make them more efficient. While 41% of businesses provide internal audit reports, 37% third party audits, and 36% complete security questionnaires, 12% admitted they don't or can't provide evidence when asked. This number is lowest in the US (10%), but it increases to 16% in Australia, the highest of any country surveyed by Vanta.

Risk visibility, resource constraints impact security, compliance efforts

Risk visibility plays a key role in organizations' ability to improve security and compliance, as do resource constraints, according to the report. Only four in ten respondents rated their company's risk visibility as strong, with identity and access management (IAM) (39%) and data processing that doesn't comply with regulations (38%) the two biggest blind spots for organizations. Meanwhile, 60% have either already reduced IT budgets or are planning to as they grapple with challenging global economic situations, with one in four having downsized IT staff. On average, only 9% of IT budgets are dedicated to security, further exacerbating resource constraints, the report found. The biggest barriers to proving and demonstrating security externally are a lack of staffing (33%) and automation to replace manual work (32%), it added.

Vanta Trust Center to help businesses showcase security and compliance

In conjunction with its report, Vanta also announced the launch of the Vanta Trust Center, a new offering to help companies showcase their security and compliance posture, build trust, and streamline security reviews. With use of Vanta AI, Trust Center significantly reduces the manual, repetitive tasks hampering security and sales teams, freeing up valuable time and resources while enhancing customer trust, the firm said.

By reducing time spent on security questionnaires and automating the collection of scattered security information, Trust Center can help customers reduce deal timelines by 30%, while advanced workflows increase operational efficiency by allowing prospects to self-serve the information they need to evaluate a vendors' security, the company claimed.

Features of Trust Center include:

  • Enhancing the out-of-the-box experience to publicly display security information and commitments with zero setup required.
  • Displaying security controls continuously monitored by Vanta to provide ongoing proof of security.
  • Streamlining the vendor and buyer relationship by enabling them to choose the Trust Center documents they require.
  • Implementing a secure DocuSign workflow for non-disclosure agreements (NDAs) fa.
  • Integrating with Salesforce to automate access requests based on custom access rules. Providing easy access to valuable ROI insights, empowering better decision-making, and deeper understanding of the relationship between account size, revenue, and security.
UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author