A new Sophos report has revealed that despite 65% of organizations adopting generative artificial intelligence (GenAI) capabilities, 89% of IT leaders across the globe are worried that vulnerabilities in AI-powered cybersecurity tools could expose their companies to risks.
The report, “Beyond the Hype: The Business Reality of AI for Cybersecurity,“ surveyed 400 IT leaders on the use of AI-driven security solutions.
Findings suggest that while AI is widely embedded in cybersecurity infrastructure as 98% of organizations surveyed confirmed its use, the concerns about over-reliance on AI remain high.
Cybercriminals begin exploring AI for attacks
In addition to this report, new research from Sophos X-Ops, titled “Cybercriminals Still Not Getting on Board the AI Train (Yet),” found a growing but cautious adoption of AI by cybercriminals.
- Sophos X-Ops analyzed underground hacking forums and discovered that while many criminals remain skeptical of GenAI, some have started using it to automate tasks like bulk email generation and data analysis.
- Others are integrating it into spam and social engineering toolkits, increasing the scale and efficiency of their attacks.
Chester Wisniewski, Global Field CTO at Sophos, emphasized the importance of human oversight:
“The potential of GenAI to accelerate security workloads is amazing, but it still requires human oversight to ensure its effectiveness. We haven’t taught machines to think; we’ve just given them the ability to process large amounts of data faster.”
Concerns over AI replacing human cybersecurity experts
According to the report, one of the biggest concerns raised in the survey is the potential reduction in cybersecurity jobs due to misplaced confidence in AI’s capabilities.
- It added that 87% of IT leaders worry that organizations could lose cybersecurity accountability by relying too much on AI.
- 84% are concerned about pressure to cut cybersecurity headcount due to unrealistic expectations of AI replacing human operators.
The report further shows that the size of an organization influences its AI priorities:
- Larger organizations (1,000+ employees) prioritize improving security protection.
- Smaller organizations (50-99 employees) see AI’s main benefit as reducing employee burnout.
AI costs vs. savings
While 80% of IT leaders believe GenAI will increase the cost of cybersecurity tools, many see long-term financial benefits.
According to the report, 75% agree that GenAI’s costs are difficult to quantify, however, 87% believe that GenAI savings will offset these costs, making cybersecurity more cost-efficient over time.
- Meanwhile, experts believe that AI in cybersecurity presents both opportunities and risks.
- While GenAI has the potential to enhance security, automate processes, and reduce burnout, IT leaders remain wary of its limitations, costs, and potential to replace human expertise.
- For businesses looking to adopt AI-driven security solutions, a balanced approach that includes human oversight and strategic implementation is critical.