Across industries, employees are quietly embracing generative and agentic AI to work faster and smarter, using chatbots to draft content, summarize data, and even code through “vibe coding.”

A recent KPMG study reveals that 58% of employees now use AI tools daily, often because they outperform enterprise systems. But speed without oversight creates exposure. Nearly half admit to uploading sensitive company data to unauthorized platforms. What began as a productivity boost is quickly becoming a hidden security threat operating inside the firewall.

I began my last blog post by quoting from a business forum I had read:

“To put it bluntly, the CISO role is dead.”

And I closed my last post saying that I would encourage you all to think about the potential of a Digital Risk and Resilience Officer role and focus as an evolution needed in Information Security which will be more encompassing and vital to the success of your business’s future.

My blog posts here mostly focus on the complexity of systems supporting business operations, the complicating factors of our reliance on the internet for business communications and commerce, the extended risk and value chain of multiple layers of suppliers and customers engaged with our businesses, and the roles and methods of managing information security management in large and small interconnected businesses. Today I am going to focus narrowly on the role of the Chief Information Security Officer (CISO).

On July 19, 2024 a Single Software Update was able to create IT Chaos Across the Entire World

A faulty CrowdStrike channel file 291 software update to their Falcon End Point Threat Data file (Detection and Response endpoint device software) impacted (crashed) 9+ million computers. This created an immediate global IT outage affecting airlines, media outlets, banks, retailers and other organizations that use Microsoft Windows operating systems.

“Largest IT Outage in History”