As the use of artificial intelligence (AI) and machine learning (ML) technologies grows, so do concerns about their implications for cybersecurity.
According to a recent press release, global enterprise leaders now view these emerging technologies as the biggest threat to their digital defenses, prompting a shift in cyber investment towards detection and prevention instead of remediation. This strategic pivot comes as a response to the increasing sophistication of cyber threats and a surge in cyberattacks in recent months.
Battling a constant threat
The ISG Cybersecurity Buyer Behavior Study, a recent survey conducted by the Information Services Group (ISG), reveals the pervasive nature of cyber threats, per the release. With 95% of over 200 global IT and enterprise executives reporting multiple cyber incidents in their organizations within the past year, the need for robust cybersecurity measures has never been more precise. Phishing emerged as the most common form of cyberattacks, cited by 74% of the respondents, followed by malware (60%) and software vulnerabilities (50%).
Yet, as organizations grapple with frequent phishing and software-related attacks, their attention is increasingly focused on the evolving threat from AI and ML. Alex Bakker, ISG Distinguished Analyst and author of the study noted that;
“The number-one security risk organizations expect over the next two years is the evolving threat from AI and machine learning, listed as a top threat by 56 percent of respondents.”
The financial sector faces a high risk
In particular, the banking and financial services industry is feeling the heat, with nearly 80% of participants in the ISG study highlighting emerging technology as a top-three challenge. Meanwhile, ransomware and cloud-based threats remain crucial focus areas for 46% and 45% respectively of security decision-makers across all industries.
The magnitude of these threats has led to a notable increase in cybersecurity budgets. The average security budget surged by 4.64% in 2023 compared to the previous year, despite other departmental budgets shrinking by around 7% year-on-year. Typically, security budgets amount to around 0.8% of an organization’s overall revenue, but for larger organizations with 100,000 or more employees, this figure rises to 1%.
Prevention takes priority
Companies increasingly prioritize threat detection and prevention over response and recovery, with around half the enterprise budgets allocated to these areas. Doug Saylors, partner and co-leader of ISG Cybersecurity, emphasized the importance of a balanced cybersecurity approach;
“Virtually every enterprise – large and small – experiences regular cyberattacks. Interestingly, respondents were more likely to blame prevention and detection measures – the areas that garner the highest percentage of investment – for allowing cyber incidents to occur, rather than human error or technology.”
AI and cybersecurity: A double-edged sword
While organizations leverage AI-based tools for better threat detection and system protection, cybercriminals use the technology to launch more sophisticated attacks.
According to a report by Acumen Research and Consulting, the global market for AI-based security products is projected to reach $133.8 billion by 2030, driven by the rise in costly cyberattacks, the shift to remote work during the Covid-19 pandemic, and the growing adoption of the Internet of Things (IoT).
However, AI’s role in cybersecurity has been relatively limited so far. Brian Finch, co-leader of the cybersecurity, data protection & privacy practice at Pillsbury Law, noted that “companies thus far aren’t going out and turning over their cybersecurity programs to AI,” as per CNBC. AI is mainly used in products like email filters and malware identification tools.