AI – Who is generating the biggest buzz in a noisy market?

Everyone’s talking about AI, but we wanted to find out which brands are really cutting through the most in the market with our brand-new AI adoption barometer. Nearly all (97%) respondents were exposed to AI-based content in January 2024, with OpenAI, Microsoft and Google most often cited. Driving this of course is the continued buzz around OpenAI’s Chat-GPT tool. It also reflects the launch of new products and releases: Google announced Gemini, its new AI model, in December 2023, with Microsoft announcing a new generative AI solution for retailers in January 2024.

However, outside of the top three, there is a drop off in awareness of AI content from other vendors. Several brands seemingly have work to do to increase awareness of their AI solutions as they jostle to become top of mind in a noisy market.

How are brands’ AI solutions and messaging being perceived?

It’s one thing to successfully reach your target audience, it’s a whole other challenge to effectively deliver your message and shape a positive perception. So how do our IT and business leaders view the brands whose AI-related content they’ve seen? Are they considered innovative, relevant and trustworthy in what they say and do?

It’s no great surprise that given the very cutting-edge nature of AI, perceptions are generally strongest for innovation, particularly for AWS and OpenAI. Most also scored these brands well in how relevant their solutions are to their needs. However, the exception to this is Meta, where respondents appear to require more convincing. However, that could be a consequence of lower reported exposure to AI content from Meta.

Most critically in the long run, it is trustworthiness where the biggest room for improvement is highlighted. Ratings for trust are generally lower than that of innovation and relevance across AI brands. Interestingly given it was the brand most had seen content for, OpenAI’s, trust rating was lower than its peers.

What help do IT and business leaders want most from AI technology vendors?

Among the wealth of insights, we gathered from asking this question, a core need emerged: show us the proof. The broad, disruptive, transformative power of AI for change is generally well known. However, it seems like IT and business leaders are looking for more specifics. What’s in it for them and their department? How can it help, not hinder their work? And how can these solutions be tailored to particular industry contexts?

But of course, the needs and pain points don’t just stop there. Other common requirements from respondents include more reassurance around data privacy and security, improving training, increased support/consultancy and reduced barriers to adoption.

How will these trends change over time?

Look out for lots more in our on-going AI Barometer series as we track these trends throughout 2024. In these early results we’ve seen an initial picture emerge of which brands are cutting through and how trust may prove the difference maker from one to another. We’ve seen how proof points are needed to help fully realise AI adoption for organisations – alongside ensuring the necessary security and support are provided.

Methodology

100 IT and business decision makers from the Vanson Bourne Community were interviewed in the UK in January 2024. All came from organisations across a range of private and public sectors. 50% of respondents were from organisations with 3,000 or more employees globally. As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members.

Cybersecurity

To mark the 20th year of cybersecurity awareness month in October, America’s Cybersecurity and Infrastructure Security Agency (CISA) announced a new program that they’re coining “Secure Our World” which is focused on four “easy” ways to stay safe online: 

  • Use strong passwords 
  • Turn on multifactor authentication (MFA) 
  • Recognise and report phishing 
  • Update software 

In principle at least, these do all sound easy, but when dealing with human behaviour – as at least two of these areas do – it’s rarely quite so simple. A cynic might say that this helps to feed the narrative that security breaches are more often than not down to human error (which is, of course, a factor)

If the tech and the people interacting with/operating the tech are not in perfect harmony, then something can and will go wrong. 

So, with that overarching theme in mind, and some of the main security conferences of the year now firmly in the rear view, we felt it was time we took stock of what 2023 held for cybersecurity, as well as what might be in store during 2024. 

Breaches, breaches, breaches… 

In amongst all of the noise surrounding generative AI (gen AI) – which we’ll get into later – it did feel as though some significant breaches were gone from mainstream media as quickly as they arrived. 

The UK public sector in particular seemed to take something of a pummelling during 2023, with the Police Service of Northern Ireland (PSNI), Greater Manchester Police (GMP), and the UK’s Electoral Commission all suffering a breach of some description

And while that supports our opening gambit of people and technology being crucial, rather than one or the other, it perhaps points to another key factor…and it’s an old favourite – budgets. Without going too far down the rabbit hole of public sector funding, it does highlight the importance of spending in the right areas, and cybersecurity should certainly be considered among those. 

A common view is that there’s only downside to throwing money at the problem after the event; a sentiment shared by a Vanson Bourne CommunITy member in a recent in-depth interview (IDI).

That’s not to say that money is the sole answer, but it can help to level the playing field. Nation state actors, cyber criminal gangs, and hacktivists, among others, will be spending much of their “hard earned” cash on trying to add to their hitlist.

It’s also worth making the point, that private sector firms have been far from immune to breaches this year – despite their budget ceiling typically being higher. Take Boeing, for example – a huge global brand, falling foul of the LockBit 3.0 ransomware gang, due to a vulnerability in their software supply chain.

LockBit – who operate on a Ransomware-as-a-Service (RaaS) model – have been prolific in recent years. And this breach of Boeing along with others such as that on the US arm of the Industrial and Commercial Bank of China (ICBC) feels like their way of reminding the world that while we’re all looking at gen AI, they’ll be going about their business of taking names and cashing cheques. 

Say what you like about threat actors, but there is a certain brilliance in the way they execute their missions and continuously evolve their tactics, techniques and procedures (TTPs). Take this approach for example: 

  1. BlackCat ransomware gang exfiltrate data from MeridianLink 
  1. MeridianLink decides not to fully engage in negotiations with BlackCat 
  1. BlackCat gets annoyed and reports MeridianLink to the US Securities and Exchange Commission (SEC) 

“Good guy ransomware gang” – this, of course, isn’t designed to glorify these hacker groups in any way, but it does highlight what organisations and the authorities are dealing with. Highly aggressive and innovative approaches, driven, in general, by greed. A dangerous combination. 

So, what does this mean for organisations, how can they combat these threats, and, ultimately, how do they go about increasing the efficacy of their security stack? 

Expansion or consolidation? 

The attack surface that organisations are trying to monitor and mitigate against is growing – no great epiphanies there. 

But with cloud sprawl being a genuine concern, incidents resulting from zero-day vulnerabilities seemingly increasing in prevalence, and the potential rise of shadow AI, among many other factors, it’s apparent that IT security teams must find a way to bolster their cyber defences through the utilisation of a technology stack that suits the specific requirements of their organisation. 

And this leads us nicely into one of the main topics of discussion from security events such as RSA and BlackHat USA this year: Should companies be pursuing a “best of breed” / point solution strategy, or a “consolidation” / platform-based approach? 

Over the years, it seems as though organisations have gravitated towards the former – searching out and implementing the best solutions for specific security needs, regardless of vendor. While this sounds sensible, the approach does have its drawbacks – more tools equates to a more complex security stack, and more potential points of failure that hackers could exploit. 

Not only that, but it creates an integration headache for even the most seasoned of IT security professionals.

And for that reason, it would appear that attitudes are showing signs of shifting as we head into 2024, with security leaders appreciating that a comprehensive cybersecurity platform – meaning fewer tools and vendors in their stack – is likely to give them the best chance of protecting their organisation, from both external threats and insider risk. 

We posed the question of point solutions vs. consolidation to our community of IT and IT security decision makers with a third (33%) saying that in 2024 they believe that their organisation will utilise/invest in a consolidation approach, so that they use as many (or as few) tools from the same vendor as possible. While the majority (59%) say they will utilise/invest in point solutions that solve specific problems, regardless of vendor. 

It won’t be as simple as ripping off the band aid when it comes to migrating towards a new look cybersecurity approach, and it will take careful planning and execution to do it properly (and securely), but the pros do seem to outweigh the cons. 

The ability to ingest data from a range of different sources, investigate and analyse threat levels, and then prioritise and respond to those threats/events, all within a unified platform, is surely going to simplify the lives of (typically) under-resourced security teams. These are the same teams who are monitoring significant numbers of alerts, across a host of security solutions.

Generative AI – risk or opportunity? 

So, here we are…gen AI and large language models (LLMs). What can we say that hasn’t already been said this year…on multiple occasions? Well, in all honesty, probably not an awful lot… 

  • …has it been fear-inducing? Yes 
  • …has it been disruptive? Absolutely 
  • …will it transform how we live and work? Without a doubt 

We live and breathe B2B tech, so despite the recent carnage at OpenAI, in our minds, it is indisputable that this rapidly evolving technology – the explosion of which has been driven by ChatGPT – will provide significant benefits across all industries, and the world economy. 

We’ve already referenced the phenomenon of shadow AI. This feels like something of an inevitability considering the wide-ranging use cases across software development, marketing, data modelling and many others. But, in the long-term, it will probably be viewed as a growing pain – “a necessary evil” – as functions from across the business rush towards gen AI, to ensure that they aren’t seen as the department causing their company to be left behind. 

It is though worth sparing a thought for IT security teams during this settling in phase, as, ultimately, they will still be held accountable if a breach occurs due to a gen AI tool that they might not have approved or had visibility over. To that end, it’s crucial that all areas of the business not only consider how they can best utilise gen AI to support their own objectives, but also how they can work with the IT / IT security department to embed the tools they need in a responsible way. 

When we asked 81 of our community members what they believed would be the biggest challenge and/or transformation in cybersecurity during 2024 (in a verbatim format), just under 60% mentioned AI in some way, shape, or form – with many of them highlighting the potential associated risks, or benefits for cyber criminals. 

Nonetheless, we’re talking about a technology that can be used for good as well as evil. The aforementioned XDR solutions already lean upon AI, so that the data ingestion, threat analysis, and decisioning phases can be expedited. The reduction/removal of these hugely time-consuming tasks will help to ease the burden on IT security teams, as well as benefit the IT security posture of organisations able to implement such a platform. 

We’ve already noted that cyber criminals are just as innovative, if not more so, than the organisations that they’re targeting. And the security community understands that it can often be the simplest attacks that are the most effective. 

Therefore, at this stage, it’s most likely that gen AI will be used by attackers to improve the success levels of their social engineering attacks, primarily through phishing scams, which can now be executed more effectively and on a larger scale.

Which brings us full circle to one of CISA’s core themes – recognise and report phishing. The other themes, of course, cannot be disregarded, but it feels like this one in particular stands out. This seemingly straightforward task will be made all the more difficult now that cyber criminals have gen AI at their disposal. 

As such, organisations must invest in proper training for their employees to reduce the risk of them succumbing to increasingly convincing messages. That, in tandem with settling on a security approach and technology stack that suits their business requirements will give them as good a chance as they can hope for against the flood of rapidly evolving threats coming their way during 2024. 

Cybersecurity for 2024: people, technology, and…?! 

A year is a long time in cybersecurity, and with the developments witnessed in 2023, it begs the question of what on earth will 2024 have in store? The probable answer…more of the same, but on steroids. 

In 2024, we as the pilots of technology cannot afford to let the technology outpace our ability to keep up. People must be at the heart of technology and security transformation to ensure that if something does go wrong, we are able to fix it. It is not just down to the IT / IT security team and the technology when it comes to tackling cybersecurity; it has to be a wider effort. And this is why CISA set out their guidelines in the way that they did. In order for a company’s threat mitigation efforts to be a success, everyone in the workforce must hold themselves accountable as well.

From the ground level up, it’s incumbent upon everyone within the organisation to know what the latest threats are – whether it be teenage hackers, nation state attackers or RaaS gangs – as well as the key trends that are on the rise, such as gen AI, and what this means for them in their day-to-day roles. 

We live in a world that’s driven by technology, regardless of industry or organisation size. Sharing knowledge as we all head into 2024 will enable organisations to tackle their people and technology problems, with their people and technology. 

The survey findings are based on quantitative interviews conducted in November 2023. As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members.

Data security perceptions

  • Over half (56%) of IT decision makers surveyed feel that their personal data is less secure now than 5 years ago 
  • Almost 9 in 10 (87%) feel forced to share an increasing amount of personal data 
  • 94% feel that increased regulation is needed to control what voice assistants, such as Google, Siri, and Alexa, are allowed to listen to and collect 

While the Internet of Things (IoT) is now currently the fastest growing data segment, social networks are close on its heels. But where is all the data stored? Who has access to it? And how is it protected? With so many questions, it’s easy to get a little overwhelmed and even paranoid, about how our data is being used. 

Each time we browse the internet, we (perhaps unwittingly) leave behind a unique digital trail that organisations might store and use to make more effective decisions. Or we may consciously be creating and sharing our digital identities; each social media account we create, discussion thread we participate in, application we fill out electronically, and even the latest gadgets we might browse online, all add to our digital footprint. 

We thought we’d take the opportunity to reach out to ourVanson Bourne Community of IT professionals to get their thoughts on data, from both a consumer and ‘insider’ point of view, and whether the aforementioned concerns might be justified. 

Do IT decision makers feel their data is safe, and do they care? 

Perhaps unsurprisingly, IT decision makers feel their data is most secure with their employer, and least secure with social media platforms (such as Facebook and Instagram) as well as websites (such as news, streaming and shopping). With the overwhelmingly lengthy regulations and protocols in place to protect our personal and professional data held by our employers, this is a reassuring finding, and surely one that makes reading all those policies and documents worthwhile! 

Professional networking sites however didn’t go unscathed. Almost 1 in 10 (9%) of the ITDMs we interviewed feel that LinkedIn as a platform needs a complete overhaul of its security process. As one of the top recruitment resources in the UK today, it’s surprising so many feel their data is at risk with LinkedIn but not with their employer, who could easily gain their CVs and other personal details from the platform. 

The latest developments in artificial intelligence are looking set to create a platform shift like that of the cloud, or even the internet itself. There’s a plethora of information about each and every one of us being collected and stored digitally. While most entities that store data have some form of data security procedures in place, the sophistication and level of protection can vary significantly across organisations and, even more so, across borders.

These measures are, in part, aimed at improving our confidence in the privacy and security of our data, yet their impact appears somewhat muted with just over half (56%) of the ITDMs we interviewed feeling that their personal data is less secure now than 5 years ago, while 39% felt this was not the case and 5% didn’t really know. And although only a few data breaches make the headlines – such as Yahoo, LinkedIn and Marriott International which impacted billions of accounts globally – they do sadly remain more commonplace than we might dare to think. 

So, what if the worst were to happen? 

Unsurprisingly, all the ITDMs we interviewed state they’d be concerned if their data were to be leaked. This makes sense from a consumer point of view – after all, these same ITDMs are consumers themselves. But aren’t they also those responsible for securing our data in the first place? So, who is to be held accountable when data is leaked? 

Evidently, the blame shouldn’t be laid solely at the door of said ITDMs, themselves responsible for securing our data. At least not in their eyes. While ITDMs acknowledge their responsibility in protecting the data, and admit to being at fault when data is leaked, short of blaming the attackers themselves 86% of respondents feel the company (i.e., Instagram or Facebook) is at least partially to blame for social media data attacks. Only employers fared slightly more positively, with 79% blaming them for a related data leak. More research might be needed to delve deeper into blame, but is that really the point here? If most of us feel that data breaches are out of our control, either personally or professionally – yet we need to give our data out to survive in the world – do we have any autonomy left? With almost 9 in 10 (87%) of those interviewed feeling forced to share an increasing amount of personal data, we may not like the answer to that question! 

Are humanoid or autonomous robots any safer? 

Like Frankenstein, who was built out of a scientific experiment from a variety of parts from corpses to resemble a god-like human, humanoid robots are robots which look to mirror human behaviour and can sometimes also have human-like facial features and expressions. Are they the modern era Frankenstein? Typically, these robots can perform human like activities such as running, jumping, and carrying objects. An extension of this is autonomous robots who operate independently from human operators, using sensors to perceive the environment around them, such as cleaning bots or hospitality bots etc. Both have seen a growing interest in the last few years with 89% of our ITDMs surveyed reporting an experience with one, 19% of which have interacted or used one. However, only 1% of decision makers feel the information these robots use is stored in a secure location. Additionally, just under half (47%) are hopeful the data is secured protected, but the majority (49%) don’t trust it’s protected safely. 

This begs the question – from an insider’s perspective, why are ITDMs, a tech savvy group of professionals, interacting or exposing themselves to potentially unsafe technology? Perhaps it’s due to the many (62%) who feel these robots are the future. The technological advancement doesn’t stop with robots, through the sophistication of AI, ML, and robots our world is growing in independence and complexity as many roles move away from humans. Three quarters of ITDMs surveyed feel AI technology, such as Copilot by Microsoft, or ChatGPT, will disrupt the administrative job market by replacing human employees with such technology. Is the future of jobs no longer human? 

Perhaps the financial penalties imposed on organisations for data breaches should be imparted to the subjects of the data itself. 91% of the ITDMs we spoke with agree that organisations should be legally forced to financially compensate individuals for breaches involving their personal data. Almost all (94%) feel that increased regulation is needed to control what voice assistants, such as Google, Siri, and Alexa, are allowed to listen to and collect. 

So why do we need so much data? 

The importance of data to an organisation’s success cannot be overstated, but we would say that, wouldn’t we? Well, research conducted by McKinsey  suggests that companies who strategically use data, such as consumer behavioural insights, to inform their business decisions outperform their peers in sales growth by 85%. 

It’s clear that concern around the data organisations hold is at the forefront for professionals and consumers alike. But as we’ve seen from the vast majority of the ITDMs we’ve interviewed, themselves consumers too, there’s an increasing pressure to share more personal data with organisations. With that in mind, organisations would be wise to heed these concerns and regularly review the security policies and procedures implemented to safeguard this data – what is collected, why is it collected, how is it stored, how long for, how is it protected, etc. Such measures would ensure that they are best placed to avoid a leak in the data, and any financial or legal implications which that may bring.

Perhaps more importantly however, is that in doing so organisations might earn the trust of those whose data they are responsible for safeguarding, and in turn increase the amount of data people are willing to share with them.  Organisations need to be accountable and commit to understanding their audience. 

Authentic messaging that aligns with the values of their audience can play a significant part in building trust in a brand. Vanson Bourne has a wealth of experience helping brands refine their messaging through understanding the impact that key individual elements of a message have on audience appeal. In a separate survey of 300 B2B marketers, strategists, and insight professionals, from the US and UK, 95% told us their organisation is conducting (or has plans to conduct) message testing. 

The survey findings are based on quantitative interviews conducted in October 2023. As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members.

Wellbeing in the IT department

Let’s start by thinking about a healthy, high performing, optimal IT infrastructure with a focus on wellbeing… According to the ITDMs we surveyed, contributing most are qualities such as security, for example in data storage, backups and within their networks (66%), controlled information access and availability (41%) and scalability (38%). Based on these qualities, how would you consider the health and performance of your organisation’s IT infrastructure? Perhaps somewhat of a pitiful basis for comparison is our respondents’ assessment of theirs.

Unfortunately, it’s not a gleaming picture – when asked to rate their current IT infrastructure overall, only around half (52%) believe it to be completely healthy, immune, high performing and optimal. Even when looking across the sectors surveyed, those from IT, technology and telecoms are most likely to report that their IT infrastructure is completely healthy, which may be expected as this is largely their turf and expertise, still only around six in ten (65%) report this. A similar story emerges when asking respondents about the various components of their IT infrastructure; the hardware, software and network within it. In fact, only a third (33%) of ITDMs in the UK consider their hardware to be completely healthy, the lowest of the three components.

Infrastructure pain points felt throughout the organisation

An IT infrastructure being in anything less than optimal health potentially leaves systems wide open to problems such as downtime, bugs, data loss, cyberattacks and latency. And, unfortunately, this is happening to our surveyed ITDMs pretty frequently – over half (53%) report experiencing these issues at least monthly. For those in the manufacturing industry, these kinds of challenges are happening weekly to around four in ten (42%).

Such issues are not localised to the IT department and this is not just an IT problem, Almost all (99%) report that their IT infrastructure plays a role in their organisations’ overall success or performance, and the majority (75%) consider that role to be significant. Alongside a similar proportion reporting the same about their organisation’s wellbeing (69%), it is not surprising to see the level and variety of impact ITDMs cite. Of those who experience issues with their IT infrastructure – the vast majority (96%) of our respondents – a similar proportion (95%) report that they impact their organisation in some way.

The knock-on impacts of IT infrastructure health and wellbeing to the organisation are seemingly wide reaching and somewhat nuanced, affecting not only its wellbeing and performance through increasing exposure to cyberattacks, affecting the bottom line, losing valuable data and the like, but also the hardworking employee within. While the latter can be less tangible and harder to measure, it is no less detrimental or important. Such impacts including reducing productivity and efficiency (51%), preventing employees from doing their jobs effectively (49%) and employees needing to work more as a result (33%) can even create a compounding effect; all having considerable negative impact to an employee’s stress levels, their health and wellbeing and consequently their performance.

Alarmingly, the vast majority (82%) – and nine in ten (90%) of those holding c-level and/or senior management positions – agree that their mental health and wellbeing is influenced by the health of their organisation’s IT infrastructure. Equally concerning, though, is that these figures seem to correlate with their physical health and wellbeing, with a similar proportion (78%) – and, again, around nine in ten (89%) in leadership positions – agreeing that their physical health and wellbeing is influenced.

Such stark effects are also evident by the variety of ways respondents report their organisation’s IT infrastructure issues to impact them personally. Most likely are that they have to work more than their contracted hours and that they impact their emotions by feeling a sense of frustration about them at work, with more than a third of ITDMs reporting these consequences.

It may be obvious that the health of an IT infrastructure plays a significant role in its organisation’s overall wellbeing and performance, however, would you consider it to play a similar one in your own personal wellbeing, success or performance? Perhaps surprisingly to some, or perhaps not considering the reported impacts, our results suggest that it does – and considerably. Similar to its role in the overall organisation, the vast majority cite that the health of their organisation’s IT infrastructure plays a role in their personal success or performance (97%) and their wellbeing (92%).

Reassuringly, however, an overwhelming majority (92%) of the ITDMs we interviewed agree that their organisation possesses a clear vision for having a healthy IT infrastructure. This indicates that, while organisations may not currently be as resilient or indeed digitally immune as they’d like to be, those working within the organisation are optimistic at the path ahead. With the right investment, training, and overall focus on increasing organisational wellbeing and IT infrastructure health, organisations can greatly improve their overall immunity, health, wellbeing, performance and, ultimately, success.

So, what can be done?

What can be done to enable IT infrastructures to be in their most optimum state, with a healthy immune system and potentially mitigate issues? As with humans, one place to start is to build resilience; IT teams can perform maintenance tasks such as software and hardware updates, auditing, monitoring and upgrading that will go a long way to ensuring their IT infrastructure is as healthy and as immune to bugs and issues as it can be.

Optimistically, at an overall level, the vast majority of our surveyed ITDMs report that they are performing these various maintenance tasks at least in line with recommendations, if not more. Indeed, almost all (99%) of our surveyed ITDMs consider them to build at least some resilience and immunity to prevent issues with their IT infrastructures. Perhaps IT teams don’t have the time or skilled resource to even consider the benefits of proactive maintenance, instead, their time is spent firefighting and remedying the frequent issues which leaves them burnt out and ineffective? Conceivable, as more than three quarters (78%) agree that theirs and their colleagues’ ability to maintain their organisations’ IT infrastructure would improve if more focus was aimed at their personal wellbeing.

 

Are wellbeing priorities starting to turn?

With the importance of wellbeing being integrated into increasingly more organisations worldwide, more needs to be done to understand the role it plays among the business and its employees. It could be argued that shifting priorities from an organisation-centric to a more employee-centric mindset is counterintuitive to the wellbeing of an organisation, yet it’s clear that the success of one cannot be achieved in isolation.

As per their human counterparts, organisations with a healthy (digital) immune system will always be better placed to defend themselves from unwanted contagions. As with any organism, the wellbeing of an organisation is directly linked to those who work within it, and leaders might be wise, therefore, to not only actively invest in the health and wellbeing of its IT infrastructure, but also its employees, given its impact on the bottom line.

The survey findings are based on quantitative interviews conducted in January 2023. As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members.

Will ChatGPT be a friend or foe to IT decision makers?

ChatGPT and similar AI tools are currently gaining much attraction in the media, with many of us concerned about the possibilities of ChatGPT and similar generative AI tools being used for nefarious purposes. But should (or can we afford to) let these inhibitions hold us back from using some of today’s most exciting technologies? Innovation should be a central focus for all organisations as without it there is a risk of falling behind the competition.

We wanted to find out how IT decision makers (ITDMs) feel about ChatGPT, both personally and professionally, so we conducted a handful of in-depth interviews with technology leaders from large companies in the UK to gain a rich understanding of their thoughts. Our interviews uncovered a mixture of approaches and attitudes: from companies jumping head-on into ChatGPT usage, to those who currently have banned its use on company devices.

Among ITDMs there is an overarching sense of personal excitement and expectation that the future will be heavily influenced by AI. But will ChatGPT persist, or will it soon be overtaken by other platforms? And will organisations overcome the fear-factor to hone AI as a force for good?

 

A cautionary approach to AI-generated data

ITDMs acknowledge the ways in which ChatGPT could be detrimental if used for malicious and non-ethical purposes. Perhaps it will make us less productive or enable individuals to take credit for work that is not their own. There are also feelings of doubt surrounding the accuracy of the data, which would need to be verified separately.

This concept of controlling what data sits within ChatGPT and similar AI tools is a key consideration for ITDMs. It manifested itself in different ways in different conversations. Whether it’s to ensure that it is not used to create templates or how-to guides for cyber-attacks, or to prevent misinformation that could, for example, unduly damage company reputation. In one instance, it was suggested that the best way for ChatGPT to be harnessed within an organisation, would be to have it running exclusively with internally approved datasets.

Business snags, but excitement and hype prevail

ITDMs are impressed by the potential for ChatGPT and similar AI platforms, and how it will shape the future, both in a personal and professional capacity. Thinking more specifically about business use cases, chatbots were singled out as something in use but that could be enhanced by further reducing the need for human intervention.

Currently, tools like ChatGPT are helping take out the mundane workloads in organisations, by compiling, generating, and checking documentation. In this way, potential time-savings are immense. One respondent we spoke to reflected on a task that would have taken 4-5 lawyers a whole week, being carried out by AI and machine learning technology in “probably 10 minutes”. Thinking again about the need for organisations to remain competitive, something that can not only save time but also adapt core business models, is worthy of serious investment.

Of course, with certain tasks becoming redundant, people are bound to fear for their jobs. However, ITDMs viewed the impact ChatGPT will have on the workforce as positive overall, in modifying existing roles and opening new opportunities.

But some are held back by reservations and hesitancies surrounding regulations, with one respondent revealing that using ChatGPT on company devices was prohibited at their organisation, and could result in dismissal if something were to go wrong. Whether this is the correct course of action remains to be seen.

The future of ChatGPT

A lot of hype surrounds ChatGPT right now, but there is consensus among ITDMs that as other organisations rush to produce their own versions, it may well be overtaken. Microsoft 365 Copilot is one such product we’ve been advised to look out for. AI in a much broader sense is what ITDMs regard as important and while ChatGPT may be replaced by other tools, there is no indication that AI chatbots will be going away any time soon.

So, what have we learnt about ChatGPT in the view of ITDMs?

It’s clear organisations that embrace and adjust to the ever-changing landscape of AI will be best equipped for the future, whether that includes ChatGPT or another AI chatbot remains to be seen. Job security is not a major concern for our respondents, at least not any time soon, as they perceive the tool as an essential component in alleviating mundane tasks, thereby enhancing worker productivity and enabling them to concentrate on other tasks. However, apprehensions regarding security and control of data, as well as unethical usage, are prevalent among many, potentially impeding the advantageous potential it holds.

Whether you feel optimistic about ChatGPT, or are on the more cautious side, there is no denying that it is gaining attention and having an impact. But will it be replaced by other tools? And will it have more of a positive or negative impact on the workplace?

Only time will tell…

Methodology

Five 30-minute in-depth interviews were conducted in June 2023 with IT decision makers in the UK. All respondents were from organisations in the private sector, with 1,000 or more employees.

As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members.  

Web 3.0 – A real business game-changer?

With Web 3.0 as a potential game-changer on the horizon, hyped to truly revolutionise the way we do business, we wanted to explore how this innovation is likely to take shape, along with its potential impacts. While Vanson Bourne wouldn’t consider ourselves expert in the subject of Web 3.0, our blog provides a foundation for further exploration on the topic.

Berners-Lee 3.0?! 

Before immersing ourselves in Web 3.0 – or Web3 – it’s worth briefly reminding ourselves of the evolution of Tim Berners-Lee’s world wide web since its inception.  

  • Web 1.0 (the past) – the internet simply provided access to online data. Static web pages, if you will 
  • Web 2.0 (the present) – internet users can manipulate and interact with content (social media, etc.) 
  • Web 3.0 (the future) – whilst the concept is still evolving, the essence of the idea is that the web is decentralised and self-regulating. No one entity will have control over the network, effectively creating a more secure and transparent virtual environment 

Why should businesses care about Web 3.0? 

Forewarned is forearmed -having a solid understanding of the evolving technological landscape, along with the associated organisational opportunities and challenges this creates, can only aid strategic thinking – providing a tactical, commercial, advantage. 

Web3 is not purely conceptual, the building-blocks are already in-place, including technologies for storing and transmitting information without governance by any central authority (blockchains), cryptocurrencies, smart contracts, decentralised applications (DApps), peer-to-peer (P2P) networks, non-fungible tokens (NFTs), and decentralised autonomous organisations (DAOs). Each of these already has real-world applications across many industries. 

Gaining a snapshot of current business understanding 

We recently conducted a poll on our website to find out how many people understand the term Web 3.0. The results can be found here.

To measure the understanding of Web 3.0 across the business community we spoke to IT decision makers across our Community, as well as IT decision makers in the US. 

Almost three-fifths (58%) of IT professionals stated that their knowledge of Web3 was not comprehensive. Perhaps unsurprising, at one level, given the future shape and application of such a technology has yet to come fully into view.  

Whilst in-depth understanding of Web3 is far from universal, the potential benefits are more widely acknowledged. Adoption of Web3 was felt to have the potential to ensure enhanced data analytics (70%), greater data management (64%), as well as ensure an increased ability to understand customers’ needs (63%). 

Given this degree of potential engagement with future applications, it is no surprise that almost 8 in 10 IT decision makers we interviewed felt that the majority of organisations in their industry will employ the technology over the next 5 years. 

Positioning you, your team & your organisation for the future  

There are a number of practices which can be put in-place to ensure you are you’re well positioned to embrace Web 3.0: 

Raising your base knowledge 

Being inquisitive, informed and future-facing in terms of ethos -this is no different to when dealing with any such drivers of truly transformational landscape/organisational change. 

In more specific terms, ask yourself, your team and your organisation the following questions: 

  • To what extent do we truly understand the fundamentals underpinning Web3? 
  • Do we have time, headspace and/or resource dedicated to understanding related movement within our industry vertical? At the very least, is Google Alerts set-up to monitor ‘Web3’/’Web 3.0’ – tracking major sectoral developments 
  • Has any thought been invested as to how we position our proposition (and brand) within a Web 3.0 landscape? 

Keeping a close eye on the pioneers  

Within your industry (as well as across adjacent sectors), pay attention to those businesses at the leading-edge of developments, those embracing Web3. Learn from their successes and missteps. 

  • Which activities/product solutions are they prioritising? 
  • How are they positioning themselves? 
  • What problems are they solving? 
  • How are they adapting their business model(s)? 

 Focussing upon walking, before running  

Start small – look to become gradually more familiar with the foundational concepts of Web3, so that you’re ready to pivot when the opportunity arises. 

Our final thoughts  

Whether it’s called Web 3.0, Web3, or something entirely different, the third generation of the internet is heading our way. Though such major transformational change may still be five years – or even a decade – off. 

Web3 will bring with it the full VUCA (volatility, uncertainty, complexity, ambiguity) suite of impacts and disruption – as is the case with all game-changing innovation. Ultimately though, such seismic transformation can be viewed through the lens of opportunity or challenge. 

The most agile, innovative, forward-facing businesses will look to embrace the technology and the associated commercial possibilities, to win. 

In our view, the emergence of Web 3.0 should be closely monitored and considered, but not feared. Whilst the foundational technology continues to evolve and integrate, it’s no bad thing to sporadically ask yourself that same, tough, question: ‘Am I, my team and my organisation well placed to embrace such innovation and the opportunities it offers?’ 

Methodology 

The survey findings are based on quantitative interviews conducted in 2023 with Vanson Bourne Community members and additional interviews with IT decision makers from the US. The research comprised of 300 interviews, from enterprise organisations and representing a range of commercial sectors.  

As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members.  

BYOD, shadow IT and mitigating risk

Hybrid working opens a potential Pandora’s Box for IT security

While debate will no doubt continue, it seems likely that working patterns have been changed irrevocably – latest figures suggest that around a fifth (22%) of the GB workforce worked at least one day a week at home, almost double the pre-pandemic level (12%). 

Hybrid working brings with it new challenges and concerns particularly in terms of IT infrastructure and support with the potential heightened use of ‘bring your own device’ [BYOD] and Shadow IT. 

A quarter of those surveyed already have a formal BYOD company-wide policy (24%), whilst a similar proportion (26%) agree BYOD on a case-by-case basis, and 6 in 10 (59%) believe that Shadow IT occurs in at least some parts of their organisation. Half (51%) agree that ‘Shadow IT has increased with the rise of hybrid working’.

Those who use BYOD generally consider its introduction to have been successful, although just over 1 in 10 (12%) feel unable to comment – whilst this might be down to the individual respondent’s role not focusing on this specific area, it may also point to a lack of formal assessment as to the effectiveness of BYOD (particularly amongst those organisations only adopting it informally on a case-by-case basis).

BYOD is likely to place additional strain on internal IT teams

Nine in ten of those organisations using BYOD have security measures in place to cover the practice, although many of these are standard IT policies, such as password requirements and data transfer provision, which are likely to be adopted on any work device, be it employee or organisation owned. Data wipe upon contract termination, installation of company approved anti-virus software and device maintenance may raise additional BYOD challenges for any internal IT team, particularly if a variety of different devices are being used (an issue raised as a concern by over a third of those currently without a BYOD formal policy). 

Amongst those without a formal BYOD policy, the key concerns centre on compliance (61%) and data removal/retrieval (53%). 

BYOD further compounds the prevalence of Shadow IT, its associated risks and resourcing implications

Of those without a formal BYOD policy, a third (34%) are concerned that implementing BYOD will lead to an increase in Shadow IT within the organisation. This is a realistic expectation, given that employee-owned smartphones and computers are likely to be loaded with applications, software and tools that they use and are comfortable with, and so will want to continue accessing. 

An increased prevalence of Shadow IT is clearly of concern, when the vast majority of those organisations currently with Shadow IT report experiencing security issues (80%) and/or compliance regulatory issues (74%). It is perhaps unsurprising that over 8 in 10 (84%) feel that Shadow IT results in a lack of visibility for the IT department. 

Despite more efficient working and effective collaboration often being cited as a potential benefit of Shadow IT due to increased familiarity with the apps and tools being used, and improved accessibility for non-company users, 6 in 10 of those organisations with existing Shadow IT have experienced collaboration challenges as a result (59%). Almost as many have experienced Disaster Recovery issues (55%). Indeed, our mixed audience of IT and business professionals estimate that they spend on average 11% of their week addressing issues caused by Shadow IT.

Seven in ten agree that ‘Shadow IT poses a security risk to my organisation’, whilst over half (53%) disagree that ‘the advantages of Shadow IT outweigh the challenges’ (against just over a quarter agreeing – 27%).

Mitigating risk must be the focus

It is probably too late to put the genie back in the bottle: with 59% reporting some occurrence of Shadow IT in their organisation, and a quarter (26%) saying it extends across the majority or all departments, the focus must surely be on mitigating any risks posed – especially if hybrid working and BYOD are likely to continue unabated.  

Central to mitigating risk is identifying the extent of Shadow IT use within the organisation. Understanding the non-company applications, software, hardware and tools that employees are turning to, and why, may help to identify gaps in the company IT provision, which can then be filled by approved versions. Risk assessments and audits can help to identify Shadow IT use which poses a serious compliance or security issue, and so allow these to be addressed before any damage is done. 

Just over 7 in 10 (72%) are able to state ways in which their organisation is mitigating or planning to mitigate against the risks posed by Shadow IT, most commonly with employee education (48%) and provision of approved tools (45%).  

With almost one in three (28%) reporting that they are unsure or are not currently mitigating against the risks of Shadow IT, there is still room for improvement in the management and prevention of risks. 

 

‘The impact of remote and hybrid working on workers and organisations’, published 17 October, 2022 https://post.parliament.uk/research-briefings/post-pb-0049/

The survey findings are based on quantitative interviews conducted in December 2022 with 226 Vanson Bourne Community members. All respondents are UK based, representing a range of commercial sectors.

As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members. 

From supplier to partner

In our earlier report ‘Security is a team sport’, we explored whether organisations have the necessary expertise or headcount to deal with all IT and IT security needs in-house. Almost half (46%) of the Vanson Bourne Community members we surveyed were using the services of a Managed Services/Security Services Provider [MSP/MSSP] to support IT needs, and specifically to access their IT security expertise. 

Whether it is direct assistance from IT security vendors or from a MSP/MSSP, end-user organisations may well be open to help in terms of managing the risks posed by hybrid working, BYOD and Shadow IT. On the whole, IT budgets would appear to be holding up sufficiently to finance such additional support, with over a third (35%) stating that their 2023 IT budget will see an increase, with a further third (32%) believing it will remain stable. 

Getting on the supplier radar

To be in with a chance of securing any additional IT support work generated through hybrid working and the challenges it brings, IT vendors and MSP/MSSPs must first be on the radar of the end-user organisations as a potential supplier. 

Almost all of our audience access additional information about their role and/or industry (96%), most commonly to understand new technologies (82%) and/or to further their skillset (71%). Half are looking to understand the latest threats (51%).

Given the focus on ‘understanding’, it is unsurprising that online articles and publications capture the largest share of voice, being accessed most (69%), and most frequently (87% of those reading, do so at least monthly). 

Newsletters and online forums also feature strongly with almost 1 in 2 using, most commonly on a weekly basis. Although not accessed as regularly, webinars and online courses prove popular, no doubt reflecting the ‘new normal’ of online working following the pandemic. 

If wanting to engage customers directly, IT vendors need very visible online content providing in-depth insights into new technologies and threats, and if appropriate, to be offering relevant interactive sessions/training through forums, webinars and courses. 

In using vendor websites, our decision-maker audience are laser-focused on the information and functionality that will facilitate a quick and easy purchase: access to prices (68%), easy navigation (57%) and multiple contact points (50%). Clear messaging is also important for almost half (46%), with the potential for this to key into the essential supplier traits of availability, flexibility, and consistency – as well as demonstrating sector expertise (as outlined in the following section).

Making the leap from Supplier to Partner

Having established a presence, and so hopefully a foot in the door, the aim must surely be to move from one of many providers to a trusted and integral business partner. Our audience identify availability of support, flexibility and consistency as essential if a supplier is to stand out from the pack – to move out of the friend-zone to be truly ‘loved’.

‘Understanding the client’s target audience’ is also of importance, with over 1 in 10 (13%) selecting it as the supplier trait that they love the most. 

Excelling as an IT Vendor Support Team

Despite living with Zoom, MS Teams et al for over two years, customer preference for communicating with a vendor support team is a live telephone chat with an agent – over a quarter (27%) select this is their first-choice touchpoint, and over half (59%) select it within their top three. Reality is not too far removed from this, with over half (55%) currently interacting with vendor support teams via telephone chats, although email is the touchpoint used most commonly (74%).

There is an apparent mismatch with self-service portals, more experience this in reality than would select it as a preferred option (47% vs. 36%), whilst the inverse is true of a live online typed chat with an agent (32% vs. 41%). Reflecting the preferred characteristics of ‘loved’ suppliers already identified, availability of support is most likely driving this, with the immediacy of a live chat answering this need.  

Indeed, when asked for the most important characteristics of an effective IT vendor support team ‘responsiveness’ is cited by 8 in 10. Proactive problem solving (70%) and knowledge & training (66%) are also key, whilst clients appear to be relatively less concerned about the operational nuts & bolts of the support team, such as offering automated solutions (15%) or having few unopened tickets (25%). 

Thriving in our hybrid world…

Hybrid working brings real challenges to end-user organisations in terms of their IT infrastructure and services, there is a growing need for IT vendors and MSP/MSSPs to: 

  • Provide guidance through online articles, insight and training to highlight the pros & cons, particularly the potential threats associated with hybrid working, BYOD and Shadow IT
  • Potentially offer services to help develop viable company-wide BYOD policies, which can be easily monitored and audited
  • Similarly, audits of existing Shadow IT use may be of value to end-user organisations, including risk assessments of the apps, software and hardware being used, and recommendations on approved tools to adopt in order to fill any existing gaps in employee needs.

In offering such services, to be a true partner and not just a provider, IT vendors must focus on availability of support, flexibility, and consistency of service – ideally delivered via a one-to-one ‘real-time’ support channel. 

 

The survey findings are based on quantitative interviews conducted in December 2022 with 226 Vanson Bourne Community members. All respondents are UK based, representing a range of commercial sectors.

As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members. 

Blog: Security is a team sport

External threats are rife, and appear to be on the rise, while internal resources are stretched, all reflected in regular media headlines that cyber criminals are on the front foot, moving closer to achieving their corrupt objectives. Even the Electoral Commission has been subject to a data breach, more on that here.

However, we’re not here to preach about the rights and wrongs of what organisations are doing to protect themselves. Instead, we will examine one possible option for organisations as, alongside their vendor partners, they look to stem the tide and elevate their IT security posture. This ray of light comes from the utilisation of managed services providers (MSPs)/ managed security services providers (MSSPs).

 

Embracing external support to alleviate internal issues

It’s true that sometimes too many cooks spoil the broth. In business that proverb can rear its head in various ways – whether too many people being involved in a process causes a decision-making bottleneck, or teams end up at cross purposes on a project, there are a number of ways where a smaller, more streamlined team can be of benefit. This may also be true when it comes to IT security. However, in an ever-evolving space, where knowledge and expertise translate into power, surely the more brains there are working towards a common goal, the greater the chances of success when it comes to defending against cyber criminals. 

The one thing to bear in mind here though, is that not all organisations have the expertise or the headcount in-house to throw towards IT and IT security needs.

The way in which respondents’ organisations’ IT departments are structured begins to highlight potential expertise and/or headcount shortfalls. Larger companies (1,000+ employees) are notably more likely than their smaller counterparts to have one overarching IT department, but with this large team also including a group that focuses specifically on IT security – i.e., a team of dedicated experts exclusively working on keeping the business secure.

It is therefore probably fair to assume that the IT teams within the smaller surveyed organisations – particularly those with only 1-49 employees – are in a tricky position when it comes to both headcount and security expertise as they aim to maintain a secure environment for the rest of their colleagues. And this provides a good basis for explaining why these are the organisations most likely (31%) to be utilising an MSP/MSSP in tandem with an internal individual/small team to manage their IT security needs.

Sharing expertise and responsibility

But this doesn’t tell the whole story – overall, almost half (46%) of surveyed organisations are leaning on an MSP/MSSP to some extent for their IT security needs, with this even applying to the largest surveyed organisations (5,000 or more employees) where 45% report that this is the case. Our two cents – this can only be a positive thing – the more brains at the table working towards securing organisations the better, while it also highlights the value that these service providers can offer. This line of thinking is supported by the fact that 59% of respondents from organisations using an MSP/MSSP for their IT security requirements, report that the IT security expertise offered by these third parties is among the reasons for their use in the first place – making it by far the most commonly reported reason.

Aside from the expertise that MSPs/MSSPs can offer, there is also the added bonus of easing the burden of responsibility on internal teams that are often already stretched and struggling from a skills perspective. This is clear from the 40% and 31% of our Community members respectively reporting that they don’t have the headcount or skills in-house to manage their organisation’s IT security needs.

It would, of course, be a stretch to say that without an MSP/MSSP organisations will inevitably fall victim to a security breach, but it stands to reason that the added support wouldn’t go amiss. Further to that, it seems fairly evident that once a partnership is in place, end user organisations, IT security vendors, and MSPs/MSSPs must seamlessly work together if they hope to stave off the continuous barrage of threats that they’re up against.

This is perhaps best demonstrated by the ways in which respondents’ organisations keep up to date with the latest threat intelligence. Approaching half (48%) do so through their product vendors ending alerts on specific threats to their products, while only slightly fewer (43%) utilise specific threat intelligence tools from their vendors. And MSPs/MSSPs can also play their part by keeping end user organisations up to date with the latest intelligence, as is the case for 28% of those surveyed. 

End user organisations clearly require assistance, so it’s up to IT security vendors and service providers to help ease that burden and help to mitigate the risks at play. 

Stronger together – maximising IT security

All in all, the situation seems pretty clear – whether the partnership is just between the end user organisation and their IT security vendors, or whether there is also an MSP/MSSP in the mix as well, it is critical that all parties are singing from the same hymn sheet when it comes to maximising IT security efforts. 

Security is, after all, a team sport, and until everyone involved recognises and buys into it, there will always be an avoidable opening in white hat security defences, with the damages of a breach having the potential to impact all of those who could have prevented it, to varying degrees.

 

These survey findings are based on qualitative and quantitative interviews from September 2022 with 216 members of the Vanson Bourne Community, our network of IT and business professionals at the forefront of their industries. 

As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members. 

What do our members think?

“Vanson Bourne Community sends me interesting IT related surveys. The rewards I receive are generous and I love that I can send them to a selection of charities.”
Operations Manager, Financial Services
"I have been part of the Vanson Bourne Community for many many years now, and the surveys are always interesting and do make me think about my understanding of topics, its great being part of the group."
Head of Technology, Media
"Vanson Bourne Community surveys are relevant to my job role. The surveys are well designed and not repetitive. The survey incentives are variable, extremely fair and delivered quickly. This is by far my favourite panel."
IT Manager, Financial Services
Interested?
Come and be part of our great community!