EY Survey Reveals Enterprises are Investing in AI to Repel Adversaries Weaponizing the Very Same Technology

by Amy Larsen DeCarlo, posted in Secure
A professional portrait of a woman with long blonde hair, wearing a black jacket and a light-colored top, smiling against a soft blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Ninety-six percent of the security leaders surveyed see AI as a core element in their cybersecurity strategy that they are already deploying

• However, that same number perceive AI-driven attacks as serious threats to their organization

Cybersecurity is a delicate balancing act, requiring organizations to mount multi-layered defenses without causing the kind of friction that can impede productivity. An effective defense also requires the adequate funding to ensure the appropriate technical and personnel resources are in place to protect enterprise assets. With AI as an active part of the cybersecurity conversation, there are more angles for IT organizations to consider as both a proactive tool and an offensive weapon.

Global professional services firm EY surveyed 500 security decision-makers at companies with annual revenues of at least $500 million, finding that they are keenly aware of AI’s potential both as an essential protective tool and as a serious threat in the hands of adversaries. Unfortunately, most – 85% – who are already using AI as part of their security arsenals think their budgets are underfunded with respect to the severity of the looming threat AI-powered attacks pose. Just 20% said their cybersecurity governance framework is sufficient and well-integrated into organizational culture.

That said, it is still relatively early in terms of embedding AI capabilities, and many anticipate their organizations will make appropriate investments. The number of organizations expecting 25% of their cybersecurity budgets to be dedicated to AI solutions will increase from 9% now to 48% in the next two years. Two-thirds currently using AI as part of their cybersecurity efforts today project they will spend at least $5 million in two years; one-third expect to allocate $10 million.

Forty-six percent saw a return of under $1 million from AI-driven solutions now, while 12% said they didn’t see any return or aren’t quantifying cost savings. Areas where organizations expect AI to play a major role include advanced persistent threat (APT) detection, identity and access management (IAM), third-party risk management, real-time fraud detection, data privacy and compliance, and deepfake impersonation defense.

Though embedding AI into their security defenses may not produce significant cost reductions, security leaders predict the technology will lead to progress in key metrics like mean time to recovery (MTTR), mean time to detect (MTTD), and significant decreases in false positives.

Leave a Reply