Report by Cobalt
CISO Perspectives Report: AI and Digital Supply Chain Risks
Key Findings
53% of respondents supplement their efforts with internal testing.
73% of security leaders reported receiving at least one notification of a software supply chain vulnerability or incident within the past year.
Nearly nine in 10 security leaders (88%) view penetration testing as an essential component of their overall security programme.
55% of respondents conduct independent code reviews.
46% of security leaders are uneasy about AI-driven features and large language models.
55% of security leaders are constantly worried that a single employee mistake could put their entire organisation at risk.
60% of security leaders believe that attackers are evolving too quickly to maintain a truly resilient security posture.
68% of security leaders are concerned about the risks associated with third-party software tools and components integrated into their tech stacks.
68% of security leaders state that their boards now view the secure deployment of generative AI as a critical priority.
More than half (58%) of respondents require third-party penetration test reports to validate software security.
68% of CISOs consider supply chain risk and generative AI security to be top concerns, viewing them as intertwined challenges that are redefining the attack surface.