Before founding US cybersecurity company BlueVoyant in 2017, CEO Jim Rosenthal developed a passion for cybersecurity during his six years as Morgan Stanley‘s chief operating officer (COO).
“In that role, I became obsessed about the importance of cybersecurity to preserving the global economy, I care passionately about two things,” he says.
“The first was, it was my observation that most companies didn’t have the financial or people resources to defend themselves well on the cyber front,” Rosenthal explains, “and secondly, even those that were relatively well defended, had a problem with external defence, particularly with their suppliers.”
Rosenthal’s BlueVoyant is intended to be an answer to those concerns. Headquartered in New York City, the company has grown to over 600 employees and its global offices include London, Budapest, Bogata, and Singapore.
“I wanted to found a company that could help every company that needed help running their internal security systems do it well, and that could help companies with great internal security, manage their external risks,” he says.
“I discovered through friends in the government, that there were very serious threats to the banking industry, and the banking industry was fundamental to the economy operating,” Rosenthal states, reflecting on his time at Morgan Stanley.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData“I decided first that I would oversee the building of very good cyber defences of Morgan Stanley, and we do that and then I became more concerned about systemic risk,” he explains.
Following this, Rosenthal co-led Sheltered Harbour, an association of banks and cybersecurity companies to protect the US’ wider financial industry’s data. However, Rosenthal soon became concerned about external cybersecurity threats from outside of the financial sector.
“I realised that the amount of money that we could spend at Morgan Stanley was not typical of the banking industry or any industry,” he explains, “and for those that didn’t have the same resource levels, they really needed external help.”
Rosenthal had already noticed the tide turning in cybersecurity, stating that response and threat detection had already begun its automation journey.
How is AI impacting cybersecurity?
Now, in the age of AI, how are companies keeping up with AI’s impact on global cyberattacks?
In a 2024 survey conducted by GlobalData, businesses named phishing, ransomware, and supply chain attacks as their biggest security concerns. The rise of generative AI technology has caused a surge of concern about its potential use by bad actors.
“So, we encounter AI on the offensive side, and we use it on the defensive side,” confirms Rosenthal, “what machine learning and AI enabled attackers to do is to now do on bass what they previously had to do on a customized basis.”
Due to this, Rosenthal states that the number of cyberattacks seen by BlueVoyant has risen exponentially.
“The skill required for an attacker is now quite low, because you can basically rent more of the capabilities that you need and some of them are AI machine learning assistant, somebody on the defensive side that we’ve improved our defences quite a lot by using the same technologies,” he explains.
While many employees are trained to detect phishing scams by identifying spelling errors or unfamiliar email addresses, generative AI can help attackers create more realistic phishing attempts using sophisticated human-like language. This has generated concern that even a company’s most tech-literate employee could fall prey to generated phishing attempts.
However, Rosenthal explains that generative AI’s impact on increasing cyber-attacks is also about creating efficiency in stalking out potential vulnerabilities.
“I think that the attack surface that’s addressable by the attackers has expanded dramatically over the course of the last couple of years, and that’s primarily because of machine learning and AI capabilities,” Rosenthal clarifies.
“So, at BlueVoyant, one of the things we do is do external scanning of hundreds of thousands of companies for vulnerabilities that our attacker can see,” he says, “It used to be that the attacker would go look for them when on a company by company basis, now they can do it at the scale of hundreds of 1000s of companies.”
“So as a result, the timeframe for the defence to close externally facing vulnerabilities has dramatically shortened and the target range for attackers has dramatically expanded,” he continues.
AI is still a new concept for many companies
For many businesses outside of the technology sector, AI is still a new concept which only became mainstream following the viral 2022 release of ChatGPT by OpenAI.
Since then, it has been consistently named as the most disruptive technology by businesses across sectors in GlobalData’s tech sentiment surveys. In its 2024 tech sentiment survey, over 54% of respondents answered that they believed AI would live up to all its promises.
As AI deployment and development shows no signs of slowing down, Verdict asked Rosenthal what this meant for predicting the technology’s future in cybersecurity.
“One thing has always been true,” says Rosenthal, “and it still is true, which is that you can predict that the number of attacks will go up every year.”
Rosenthal explained that the nature of cybersecurity attacks had been evolving long before generative AI threatened to disrupt nearly every industry.
“The nature of the attacks, frankly, have been changing over the last few years,” Rosenthal states, “and it’s not possible, it wasn’t possible a few years ago, and it won’t be possible today to exactly predict what the attack will be.”
“What it is possible to do is to very quickly identify new attacks and raise defences against them,” he says, “So I think we’ll always be in this dynamic of as soon as we defend against one form of attack, another one emerges.”
For Rosenthal, generative AI emphasises the need for resilience from cybersecurity companies.
“I think that you have to be prepared for a world in which very good defence will cut off attacks pretty early, but they will succeed in some instances. And those instances need to be resilient,” he continues.
Rosenthal was also optimistic about the future collaboration between industry and regulators when it came to creating legislation protecting AI’s development and businesses’ cyber-defence.
“I think raising standards to regulation is helpful in many industries. But I do believe the world is too complicated, changing too fast and not subject to enough specificity in the regulation to be the right level of defence often,” he explains.
The burden of creating the right defence, says Rosenthal, is primarily on the private sector.
“I’ve worked with regulators a lot in the past and they’re very well intended,” continues Rosenthal, “often their regulation is helpful, but in some industries its insufficient, because it can’t be sufficiently detailed.”
“I think regulators are doing a as good a job as they can do,” Rosenthal concludes, “And I think they recognise both the value that they create and the limitations on the value that they create.”