AI Unleashed: Retail and Hospitality Security Chiefs Brace for Budget Surges and Uncharted Risks
As artificial intelligence transforms both threat and defense, CISOs in retail and hospitality brace for a year of bigger budgets - and bigger headaches.
It’s no longer ransomware or phishing that keeps cybersecurity leaders in the retail and hospitality sectors up at night. Instead, it’s the relentless advance of artificial intelligence - simultaneously a force-multiplier for defenders and a Pandora’s box of new vulnerabilities. Behind the scenes, Chief Information Security Officers (CISOs) are scrambling to adapt, anticipating a swell in security budgets but facing an unrelenting tide of uncertainty.
According to a recent RH-ISAC survey, the sector’s CISOs are sounding the alarm: AI has leapfrogged traditional threats, with 71% identifying it as their top source of friction, compared to 54% for supply-chain attacks and 41% for vulnerability management. This shift isn’t due to any lull in ransomware or phishing, but rather the way AI injects fresh chaos into an already volatile threat landscape. Security leaders now find themselves battling on two AI fronts - leveraging its capabilities for faster threat detection and response, while simultaneously struggling to contain its risks.
AI-powered tools are proving to be double-edged swords. On one side, they help security teams automate the detection and analysis of threats (63% of CISOs report using AI this way), streamline incident responses, and even generate detailed threat reports. On the other, they open the door to new vulnerabilities. Three-quarters of CISOs report their greatest fear is accidental data leakage through public AI tools, while over half worry about “shadow AI” - the unsanctioned use of AI applications by employees, often out of sight of IT and security teams.
In response, organizations are racing to establish AI governance frameworks. While 81% report some level of policy in place, only a quarter have fully implemented one. The rest are navigating a patchwork of partial controls, creating ample room for mistakes. The sector is also divided on how to fund the fight: about 28% expect to reallocate existing security funds for AI, while 26% foresee an overall budget boost. Yet nearly 90% agree - AI security spending will rise, with many predicting significant increases.
Personnel remains the single largest line item in security budgets, at 32%, followed by cloud software. A third of CISOs plan to expand their teams, underscoring the human element in this tech-driven arms race. Still, balancing cybersecurity needs with broader IT priorities and existing budget constraints remains a constant struggle.
As AI’s promise grows, so too does its peril. Retail and hospitality CISOs now walk a tightrope, hoping that bigger budgets and smarter policies will be enough to harness AI’s power - without falling victim to its unpredictable risks. The next chapter in cyber defense will be written at the intersection of innovation, vigilance, and the relentless march of technology.
WIKICROOK
- CISO: A CISO (Chief Information Security Officer) is the executive in charge of protecting an organization’s information and data from cyber threats.
- AI Governance: AI governance is the process of managing and securing AI systems to ensure they operate safely, ethically, and in compliance with regulations.
- Shadow AI: Shadow AI is when employees use AI tools without official approval, creating hidden security and compliance risks for organizations.
- Incident Response: Incident response is the structured process organizations use to detect, contain, and recover from cyberattacks or security breaches, minimizing damage and downtime.
- Supply Chain Attack: A supply chain attack targets third-party vendors or services to compromise multiple organizations by exploiting trusted external relationships.