As with many new technologies, the question arises with generative AI and large language models (LLM) such as ChatGPT: are companies aware of their potential risks and how do they deal with them? Gigamon, a company active in the field of deep observability, wanted to find out exactly and conducted a study asking CIOs/CISOs from 150 German companies how they assess the security of modern technologies. The result: three quarters of the companies surveyed (75%) have no security concerns when their employees use ChatGPT. Only 5% have banned the AI chatbot from their company and a further 20% are currently concerned about the risks.

Interestingly, companies are less lenient when it comes to other technologies. When it comes to the Metaverse and WhatsApp, 100% of CIOs/CISOs agree that there are security risks. For example, 67% of them have banned the instant messenger in the corporate environment; the metaverse is rejected by 2%. In both cases, the rest are at least concerned with possible cyber risks.

The same applies to TikTok: In ten percent of companies, the short video app is taboo; 89% are investigating the risk potential. Only one percent have no concerns and allow TikTok in the company.

"ChatGPT creates a false sense of security"

The security risks of these platforms are therefore widely known and the majority of companies take them seriously. The situation is different with ChatGPT - even though the AI chatbot also poses a significant threat to companies. Internal company information or other sensitive information that employees share with ChatGPT can end up in the training data pool and be stolen in the course of an attack on OpenAI. During the ChatGPT outage in March 2023, a bug even ensured that chat entries were publicly visible. There are also indirect risks, as cybercriminals can use the AI tool to create trustworthy-looking phishing emails, construct false identities or develop malware.

Andreas Junck, Senior Sales Director DACH at Gigamon, advises: "The fact that they don't have to download anything for ChatGPT gives users a false sense of security. As a rule, employees should be on the lookout for suspicious emails and not download unknown files or click on strange links. However, the AI chatbot can now be used to write authentic applications, websites and emails that conceal fraudulent activities. This increases the risk of employees falling victim to an attack. That's why companies need to prepare for emergencies if they don't want to do without ChatGPT. The key to greater security - for example as part of a zero trust model - is comprehensive visibility right down to the network level. This makes potential blind spots where cyber criminals are nesting visible to security teams and attacks can be detected and combated more quickly."

In view of the current threat situation, blind spots within the IT stack are a major challenge for 52% of German CIOs/CISOs. Nevertheless, many of them still lack visibility. Only 29% of them have a comprehensive visibility baseline across networks, systems and applications to support their zero trust architecture. Just 21% have visibility into encrypted data.

About the methodology of the study:
The online survey was commissioned by Gigamon and conducted by Vitreous World. A total of 1,020 CIOs/CIOs and C-level executives from Germany, the UK, France, the USA, Singapore and Australia took part in the survey. The survey period was from April 19 to June 2, 2023.