The role of AI in cybersecurity has become a double-edged sword. While AI tools have significantly improved threat detection and response capabilities, they have also increased the scale and sophistication of cyberattacks.
A recent global study from Kaspersky highlights this growing paradox, showing that nearly three-quarters of cybersecurity professionals are deeply concerned about the risks posed by AI-amplified attacks.
This concern is not unfounded: 46% of respondents believe that most of the cyberattacks suffered by their organization in the last year involved AI technologies.
Cyber defense today: trust and challenges
Cybersecurity remains a strategic priority, but confidence in current protection measures is uneven. While 34% of respondents described their organization’s defenses as comprehensive, 21% acknowledged significant gaps, with some even calling their protection “poor.” Larger companies tend to employ dedicated specialists, with 23% of companies having full-time cybersecurity staff, compared to 18% of small and medium-sized businesses (SMEs).
However, trust declines sharply among IT professionals who spend only part of their time on cybersecurity. Only 12% of these professionals believe their organization’s defenses are sufficient, compared to 51% of those entirely dedicated to the field.
Key stats:
- 59% of organizations have implemented measures to ensure better visibility into devices, networks and access points to detect anomalies.
- 50% say they need more qualified cybersecurity staff, but 39% struggle to find suitable candidates.
- 46% say AI played a role in the majority of recent attacks against their systems.
AI-based attacks a growing concern
As cyberattacks continue to increase, phishing remains the most common threat, reported by 49% of organizations. Other significant threats include covert malware installations (34%), ransomware (29%), and business email compromise (20%). Regionally, Europe leads in phishing attacks (56%), while ransomware is most prevalent in the Asia-Pacific region (38%).
Alarmingly, organizations that have seen a sharp increase in attacks are particularly concerned about emerging threats, such as zero-day vulnerability exploitation and distributed denial of service (DDoS) attacks.
Regional overviews:
- CIS countries report the lowest perception of AI involvement in attacks (34%).
- The META region leads in identifying AI-based attacks, with 53% recognizing the threat.
The dual role of AI in cybersecurity is clear. On the one hand, it improves threat detection and automates tedious workflows, thereby improving response times and accuracy. On the other hand, it gives attackers tools to bypass security measures, detect system vulnerabilities, and launch coordinated, multi-level attacks.
The study reveals that organizations are rapidly adopting AI-based tools:
- 46% are already using AI to manage system vulnerabilities.
- 47% use AI to automatically respond to and neutralize threats.
- 51% are actively implementing AI to mitigate the damage caused by attacks.
Despite this progress, 43% of respondents cite the lack of AI-based tools as a critical weakness in their defenses.
In the future, 88% of respondents expect an increase in AI-based cyberattacks. Social engineering attacks, powered by open source AI-assisted intelligence (OSINT), are expected to become more effective. Additionally, 48% believe AI will make it easier for cybercriminals to exploit system vulnerabilities and increase the volume of attacks.
Recommended reading
The expected consequences of a failure to adapt cybersecurity measures are serious:
- 58% anticipate increased risks of confidential data breaches.
- 52% predict a decline in customer trust and financial losses.
- 47% are worried about damage to their reputation.
To counter AI-based threats, organizations must take a multi-layered security approach:
- Improved Visibility: Nearly 59% of organizations have already improved their infrastructure monitoring to detect anomalies more quickly.
- AI-powered tools: Automation and machine learning are key to adapting to evolving threats, with 94% of respondents agreeing on the need for AI-enhanced solutions.
- Skilled workforce: Recruiting and training cybersecurity experts remains a top priority, as recognized by 60% of respondents.
- External expertise: Leveraging managed services and external support can help close skills gaps and improve readiness.
“The rise of AI-based cyberattacks marks a turning point in the cybersecurity landscape,” said Alexey Vovk, Chief Information Security Officer at Kaspersky.
“Organizations must act now to strengthen their defenses. This includes investing in AI-based tools, training employees to recognize AI-related threats, and developing and implementing cybersecurity controls for products and services using AI.
“Failure to adapt could result in significant financial, operational and reputational damage.” Preparation is not just an option: it is a necessity in this new era of cyber threats.