Enterprises are all in on AI for security but budgets aren’t keeping pace

Recent EY research shows security practitioners see both sides of the AI coin – as foundational to their security strategies but also as a dangerous threat.

96% of the security leaders surveyed see AI as a core element in their cybersecurity strategy that they are already deploying. Credit: MUNGKHOOD STUDIO via Shutterstock.com.

Enterprises facing a challenging cybersecurity threat environment recognise AI is coming into play in equal parts as an important element in their defences, as a dangerous weapon their adversaries are all too eager to wield. Global professional services company EY surveyed 500 security decision-makers at companies with annual revenues of at least $500m to gain their perspective on the role AI will play in their security strategies now and going forward. 96% of the security leaders surveyed see AI as a core element in their cybersecurity strategy that they are already deploying. However, that same number perceives AI-driven attacks as serious threats to their organisation.

Unfortunately, most – 85% – who are already using AI as part of their security arsenals think their budgets are underfunded with respect to the severity of the looming threat AI-powered attacks pose. Just 20% said their cybersecurity governance framework is sufficient and well-integrated into organisational culture.

Go deeper with GlobalData

Data Insights

The gold standard of business intelligence.

Find out more

Access deeper industry intelligence

Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.

Find out more

That said, it is still relatively early days in terms of embedding AI capabilities, and many anticipate their organisations will make appropriate investments. The number of organisations expecting 25% of their cybersecurity budgets to be dedicated to AI solutions will increase from 9% now to 48% in the next two years. Two-thirds currently use AI as part of their cybersecurity efforts today and project they will spend at least $5m in two years; one-third expect to allocate $10m.

46% saw a return of under $1mn from AI-driven solutions now, while 12% said they didn’t see any return or aren’t quantifying cost savings. Areas where organisations expect AI to play a major role include Advanced Persistent Threat (APT) detection, identity and access management (IAM), third-party risk management, real-time fraud detection, data privacy and compliance, and deepfake impersonation defence.

Though embedding AI into their security defences may not produce significant cost reductions, security leaders predict the technology will lead to progress in key metrics such as mean time to recovery (MTTR), mean time to detect (MTTD), and significant decreases in false positives.