Sophos, has revealed that a majority of technology leaders in company’s are worried about cyber criminals who might exploit vulnerabilities used in cyber security.
The report titled, Beyond the Hype: The Business Reality of AI for Cybersecurity, surveyed 400 IT leaders on the role of artificial intelligence in security.
The findings reveal both growing adoption and significant concerns about generative AI (GenAI) in cybersecurity.
While 65% of respondents have integrated GenAI into their security operations, 89% worry that flaws in these AI-powered tools could expose their organizations to risk.
Additionally, 87% fear that over-reliance on AI may lead to a lack of accountability in cybersecurity decision-making.
A parallel study from Sophos X-Ops, Cybercriminals Still Not Getting on Board the AI Train [Yet], found that while cybercriminals remain skeptical of AI, some have started leveraging it for automation.
In underground forums, bad actors have been observed using AI to streamline tasks such as bulk email generation and data analysis, and even incorporating it into social engineering and spam campaigns.
AI’s Role in Cybersecurity: A Double-Edged Sword
Chester Wisniewski, Director and Global Field CTO at Sophos, emphasized the need for vigilance when deploying AI-driven security tools.
“As with many other things in life, the mantra should be ‘trust but verify’ regarding generative AI tools. We have not actually taught the machines to think; we have simply provided them with the context to speed up the processing of large quantities of data,” Wisniewski said.
Despite AI’s potential to enhance security operations, concerns persist. The survey found that 84% of IT leaders worry about unrealistic expectations pushing organizations to reduce cybersecurity staff.
Smaller companies (50-99 employees) see GenAI as a means to alleviate burnout, while larger enterprises prioritize enhanced protection.
Cost Challenges and Expected Savings
The financial implications of AI-driven security tools remain ambiguous. Three-quarters (75%) of IT leaders admitted that the costs of GenAI in cybersecurity products are difficult to quantify.
However, 80% believe AI-driven tools will increase overall security expenses, even as 87% expect cost savings from GenAI to ultimately offset these expenses.
With AI now embedded in the cybersecurity infrastructure of 98% of surveyed organizations, its role in security strategy is undeniable.
Yet, as businesses continue to adopt AI-driven defenses, the challenge remains: balancing innovation with accountability and ensuring that human oversight remains a critical component of cybersecurity.
