AI drives rising risk & burnout for ANZ security chiefs

Security leaders in Australia and New Zealand are reporting a sharp rise in accountability and personal exposure as artificial intelligence becomes embedded across business operations, according to a new survey of chief information security officers (CISOs).

More than nine in 10 CISOs in ANZ said the role's responsibilities and expectations have become more complex and difficult since they took the job. The findings align with broader global data showing a widening remit for security leaders that now includes AI governance and risk management.

Personal liability stood out as a key concern. More than 82% of ANZ CISOs said they are worried about personal liability for cybersecurity incidents. The survey also found a willingness to escalate issues: 44.3% said they would become a whistleblower if their organisation was wilfully ignoring security best practice or compliance requirements and putting the business at risk.

AI governance

The results suggest CISOs are changing how they measure AI's value in security programmes. In ANZ, 92.9% said they use mean time to detect and mean time to respond to assess the impact of AI on their security programme.

Respondents also reported stronger automation outcomes, with nearly two thirds of ANZ CISOs saying they had exceeded expectations in automation.

Concerns about oversight and accuracy remain prominent as organisations consider broader use of agentic AI. In ANZ, 88.6% ranked missed alerts or false positives caused by hallucinations as their main concern. Half also cited a lack of human oversight or AI making critical decisions.

Most respondents said they are tightening controls around the technology, with more than 84% enhancing AI governance capabilities and controls.

"The CISO role in ANZ is expanding in both scope and accountability. As AI becomes woven into the fabric of business operations, the mandate is moving beyond technology investment to governance, regulatory readiness and broader executive risk ownership," said Marc Caltabiano, Regional Vice President, ANZ, Splunk.

Threat pressure

Globally, the report surveyed 650 CISOs across multiple markets and industry groups. More than half said their responsibilities and expectations have become harder over the past year.

Threat actor sophistication featured heavily in the global results. Some 95% cited growing threat actor capabilities as their greatest risk. Improving threat detection and response was a top priority for 92%, followed by identity and access management (78%) and investment in AI cybersecurity (68%).

In the same dataset, 92% said AI allows their teams to review more security events, while 89% reported improved data correlation.

Agentic AI was a specific focus. Among CISOs who have partially or fully adopted it, 39% strongly agreed it has more than doubled their teams' reporting speed, compared with 18% of those still exploring the technology.

Expectations for future impact were also high: 82% believe agentic AI will increase the amount of data reviewed, and another 82% said it will increase correlation and response speeds.

Skills and strain

The ANZ findings also highlight persistent shortfalls in specialist skills. Threat hunting and cyber threat intelligence ranked as the most lacking skills for 90% of CISOs in the region.

Burnout remains a material issue. Half of ANZ CISOs reported moderate burnout and 21.4% reported significant burnout. On workforce planning, 48.6% expect some skills gaps to remain unfilled and 31.4% expect most skills gaps to remain unfilled.

Global data points to similar pressure across security teams, with nearly two thirds experiencing moderate to significant burnout. High alert volumes, false alerts and tool fatigue ranked among the leading stressors.

Business alignment

ANZ CISOs flagged obstacles in communicating outcomes and investment value to business leaders. Some 88.6% cited conflicting priorities between the business and security as a main barrier to accurately demonstrating return on investment, while 81.4% pointed to a lack of clear key performance indicators.

Asked what best represents a successful cybersecurity programme, 88.6% of ANZ respondents ranked a reduction in security incidents as the most representative outcome.

Technology change is another complicating factor for the year ahead. Some 51.4% of ANZ CISOs said the pace of technological advancement, including AI and quantum computing, is a significant challenge for cybersecurity programmes. Another 47.1% cited threat actor sophistication as a significant challenge, while 67.1% said geopolitical and macroeconomic uncertainty is a minimal challenge.

"With AI regulations evolving and oversight under greater scrutiny, security leaders need to find the right balance in using automation effectively while maintaining human intelligence in the approach. AI is a powerful enabler, but accountability and judgement still rely on human expertise and creativity," said Caltabiano.

"For CISOs, that means empowering teams with AI, having the right guardrails in place, being clear about who owns risk, and ensuring the broader leadership team is aligned," said Caltabiano.