According to a survey by Enea on artificial Intelligence (AI) in cybersecurity, 76 per cent of cybersecurity professionals believe the world is very close to encountering malicious AI that can bypass most known cybersecurity measures. More than a quarter (26 per cent) see this happening within the next year, and 50 per cent in the next five years. Phishing, social engineering tactics, and malware attacks are those most likely to become more dangerous with the use of AI.
The report provides an in-depth, holistic view of how cybersecurity professionals see AI and its impact on the industry, including their anticipations, apprehensions, and various strategies for integrating AI into their network defenses. The results are complemented by insights and recommendations, established through collaboration with Enea analysts, on how to build the capabilities, confidence, and resilience required to counter the emerging use of AI to execute cyberattacks.
The report breaks down key survey findings into fears, hopes, and plans around AI/machine learning (ML) in cybersecurity:
- Fears – In addition to the concern about offensive AI outpacing defensive AI, a significant 77 per cent of professionals express serious worries about rogue AI, where AI behavior veers away from its intended purpose or objectives and becomes unpredictable and dangerous. Phishing, social engineering and malware attacks are seen as the top threats that will be strengthened by AI, but identity fraud, data privacy breaches, and distributed denial-of-service (DDoS) attacks were also cited as likely to become more effective.
- Hopes – Respondents are nonetheless optimistic about AI’s positive impact on cybersecurity. AI is anticipated to bolster threat detection and vulnerability assessments, with intrusion detection and prevention identified as the domain most likely to benefit from AI. Deep learning for detecting malware in encrypted traffic holds the most promise, with 48 per cent of cybersecurity professionals anticipating a positive impact from AI. Cost savings emerged as the top key performance indicators (KPI) for measuring the success of AI-enhanced defences, while 72 per cent of respondents believe AI automation will play a key role in alleviating cybersecurity talent shortages.
- Plans – While a majority (61 per cent) of organisations are yet to deploy AI in any meaningful way as part of their cybersecurity strategy, 41 per cent consider AI as a high or top priority for their organisation. And a hopeful 68 per cent of respondents expect a budget increase for AI initiatives over the next two years.
Half of cybersecurity leaders report that their organisation has extensive knowledge regarding AI/ML in cybersecurity, and another 19 per cent report moderate knowledge, with the remaining roughly one-third reporting no-to-minimal knowledge. When asked what steps organisations should take to prepare for sophisticated or overwhelming AI attacks, 68 per cent cited increased cybersecurity training and awareness for employees.
Developing AI-specific incident response plans followed close behind (65 per cent), and 61 per cent said regular security assessments and audits. Over half of all respondents said that strengthening traditional security controls such as zero-trust protocols, multi-factor authentication, next-gen firewalls, and threat intelligence were key to preparing for sophisticated AI attacks.
Commenting on the findings, Laura Wilber, senior industry analyst, Enea, said, “Understanding the profound impact of AI on cybersecurity is crucial for navigating the evolving threat landscape. That begins by listening closely to the concerns and hopes of cybersecurity leaders and their teams on the front lines.”
Further, she adds, “This report confirms growing concerns around the malicious use of AI, but it also highlights some remarkable innovations in the use of AI to streamline and automate defences. Significant gains have already been made, such as a reduction in the average time it takes to detect and contain threats. However, AI is not a one-size-fits-all solution. It is essential that businesses take a clear and methodical approach to implementing AI strategies to achieve maximum readiness and resilience. As we say at Enea, do not be surprised, be ready.”