As AI Transforms Business, Dr. Aleksandr Yampolskiy Explains on NASDAQ TradeTalks Why the CISO Role Has Never Been More Complex

As supply chains grow and hackers adopt artificial intelligence, the role of the Chief Information Security Officer (CISO) is undergoing a dramatic transformation. During a recent NASDAQ TradeTalks segment, Dr. Aleksandr Yampolskiy, Co-Founder and CEO of SecurityScorecard, joined host Jill Malandrino and a panel of cybersecurity experts to discuss how supply chain dependencies, AI, and deepfakes are reshaping the CISO’s job.

“The role of a CISO has become so much more complex,” Dr. Yampolskiy said. “You have to be a translator between the technical teams and the board of directors. But we’re also no longer protecting just our own companies. We’re all interconnected to each other.”

As our global economy grows increasingly digitally intertwined, the CISO’s mandate is expanding. In addition to their own organization’s cybersecurity, they are now accountable for their extended network of vendors, partners, and suppliers, which present a variety of entry points for hackers. 

According to SecurityScorecard research, over 35% of data breaches now stem from third parties, with over 40% of ransomware originating with a third party.

Watch the full panel interview, with Dr. Aleksandr Yampolskiy (Co-Founder and CEO of SecurityScorecard), Colonel Georgeo Xavier Pulikkathara (CIO and CISO of iMerit), and Yonesy Nunez (Global Cybersecurity Executive).

​​

AI introducing insidious threats

Dr. Yampolskiy pointed out that AI is also rapidly expanding threat actors’ ability to scale and launch hacking, deepfake, and social engineering campaigns, adding pressure to the CISO role.

“The bar for being a sophisticated hacker just dropped,” he said, adding that AI can provide exploits to bad actors instantly.

As employees increasingly adopt AI into workflows, CISOs are facing the new insidious threat of shadow AI, or AI tools without IT approval.

“We have a proliferation of shadow AI where an employee might be sitting in a bank, upload a financial ledger or sensitive documents just to get help, maybe to ChatGPT, or worse off to DeepSeek in China, and all of a sudden your sensitive data is leaked,” Dr. Yampolskiy warned.

He added that security leaders must prioritize training employees as threats evolve.

“The CISO needs to enable innovation with AI while keeping the company secure.”

Communicating risk to the board

Dr. Yampolskiy emphasized that cybersecurity must begin at the top of every organization. Without cultural leadership and visible support, cybersecurity teams may struggle to gain traction.

“When boards of directors ask me for advice, ‘How do you keep a company secure?’ The one simple advice I give is make sure your CISO gets to present at your audit and risk committee. Because if a CEO sees that the CISO is at the board meeting, the CEO is going to provide the budget,” Dr. Yampolksiy said. “Culture eats strategy for breakfast.”

He added that although most board members would never admit to not knowing what EBITDA means, they should be conversant with cybersecurity fundamentals, such as DDoS attacks.

“The onus is on the board and the CEO to make sure that we don’t just speak the language of numbers but we also become AI- and cybersecurity-literate in our conversations.”

In closing, Dr. Yampolskiy called for a more data-driven, context-informed approach to communicating cybersecurity performance.

“It’s imperative for a board member to report objective, trusted KPIs of how you’re doing and how your peers are doing. You also need to articulate the strategy,” he said. “We’re in the business of providing trusted, objective KPIs for companies to measure and quantify risk.”

70% of the Fortune 100 and over 3,000 organizations worldwide use SecurityScorecard to gain visibility into cybersecurity risks, communicate it effectively to the board, and take proactive measures to prevent breaches.

SecurityScorecard created Supply Chain Detection and Response (SCDR), transforming how organizations defend against the fastest-growing threat vector—supply chain attacks. Our industry-leading security ratings serve as the foundation and core strength, while SCDR continuously monitors third-party risks using our factor-based ratings, automated assessments and proprietary threat intelligence, to resolve threats before they become breaches.

To learn more about building resilience at your organization or in your third-party ecosystem, download the 2025 Global Third-Party Cybersecurity Breach Report from SecurityScorecard or request a free demo today.