Table A4

AI capabilities in cyber risk treatment: selected evidence

Second-order themes | Selected quotes on first-order categories
Learning for risk mitigation
Learn from past data to recommend actions to respond to a threat
“For example, we also have an algorithm that recommends to the operator the procedures to follow for that specific type of incident. However, the response and closure of the incident are always carried out by a human.” – System Integrator B
Learn from past data to automatically respond to a threat
“Automated generation of responses, with the goal also of automating part of the activities of a security operation center. If you can automate even part of the response probably manages to be more effective.” – System Integrator C
Learning for risk prevention
Learn from past data to suggest preventive mitigation actions
“Assessing potentially risky situations—such as abnormal behaviors, unusual connections, and similar indicators—and suggesting possible corrections to configurations, adjustments to permission grants, or changes in access regulations, and so on.” – Vendor A
Interaction for risk mitigation and prevention
Interactive systems to support the operator in defining proactive mitigation actions
“Anomaly detection, policy suggestions, permission adjustments, documentation refinement, and improved user interaction, so we gradually developed management consoles that can proactively assist the user.” – Vendor A
Interactive systems to support the operator in incident response
“A chatbot that, based on a machine learning algorithm, suggests the most appropriate procedure for a given type of incident.” – System Integrator B
Creativity for risk mitigation
Generate new knowledge to support the operators in incident response
“To date, precisely, we are experimenting with the Large Language Model with the very aim of creating new knowledge from acquired knowledge that can be of help to operators within the command and control rooms to act in unknown, a priori or emergency situations.” – System Integrator C
Adaptation for risk mitigation
Provide automatic remediation actions to new threats
“AI tools can support us by providing suggestions or even performing automatic remediation. There are certain events that happen very frequently, generating alerts due to suspicious or potentially malicious activity. In such cases, many of these issues can be managed automatically, reducing the burden on analysts and ensuring timely responses.” – Consultancy E
Provide suggestions to respond to new threats
“Definitely on the endpoint protection part, the intelligence acts faster because it does a faster identification of the malware and then allows you to stop the process, the process is not even started. So the mitigation is preventive because identification and blocking come at the same time.” – System Integrator D
Reasoning for risk mitigation
Automatically respond to threats with playbooks
“So we have a really innovative automatic remediation, because it's not a one-to-one automatic remediation, but I see an event, I respond with a playbook, which is a set of actions that lead me to then figure out what to actually do.” – Vendor B
Reasoning for risk prevention
Perform correlation analysis to prevent threats
“Or tools that correlate those alerts during incident response, such as SOAR platforms. Employing these technologies to enhance event correlation engines, with the aim of improving detection capabilities and accelerating incident response times.” – Consultancy A
Verify and prevent toxic combinations
“Facilitate the whole privilege assignment phase through AI tools that then go and verify that there are no toxic combinations at the time you go and do this kind of assignment.” – Consultancy B
Prediction for risk prevention
Predict possible threats and provide suggestions to prevent them
“If you have an integrated system across companies with cross-visibility into everything happening across all your environments, it would be capable of detecting statistically significant events that occur more or less frequently, and more or less consistently across different organizations. This would enable the system to make not necessarily creative, but predictive and preventive suggestions.” – Vendor A
Prediction to forecast different scenarios supporting the operator to prevent threats
“Threat modeling is another critical step. This process involves building a model of possible threats and necessary countermeasures prior to software development. This human modeling can involve scenarios that are difficult to imagine or predict. AI can greatly accelerate and improve this process. It can facilitate the interfacing and correlation of models with real attacks that may pose an actual threat to software.” – Vendor D
Perception for risk mitigation
Text analysis to support incident response
“These kinds of solutions that are going to use ChatGPT to help security analysts in their work. On that I see it being very effective precisely because it's about for a person having to go and study so much material and make the connections within that material. For an instrument, it's zero time, almost.” – System Integrator A
