Cybercrime is expected to cost $8 trillion globally this year — and increase to $10.5 trillion by 2025.

With cybercrime rising in cost and frequency, organizations are looking to increase investments in IT and artificial intelligence in particular. AI can enhance security measures, including threat detection and prevention, malware detection, authentication and access control, incident response, predictive analytics, and more.

However, AI can also be weaponized by malicious actors to launch more and increasingly sophisticated attacks. Experts, executives, and government officials have warned that AI-generated attacks are already happening and will likely surge in the near future. 

To help you get a better understanding of the role of AI in cybersecurity today and in the future, we’ve compiled a list of 36 statistics. Read to learn about AI trends, challenges, and threats that organizations are facing today — plus, get tips for how to use AI to improve your security posture.

The potential and challenges of AI

More organizations are starting to invest in artificial intelligence to enhance their security posture. Read the statistics below to learn how cybersecurity leaders are planning to invest and implement AI and what challenges they’re facing.

1. 94% of business leaders believe AI is critical to success over the next five years. (Deloitte)

2. 76% of business leaders reported they plan to increase their investments in AI to gain more benefits. (Deloitte)

3. 80% of tech executives reported that they will increase investment in AI in the next year. (EY survey)

4. 58% of tech executives at companies with plans to increase investments in IT or emerging technologies most often report having a plan to prioritize generative AI. (EY survey)

5. The AI market is expected to grow twentyfold by 2030, up to nearly two trillion U.S. dollars. (Statista)

6. 50% of surveyed leaders cite the top three AI scaling challenges as managing AI-related risk, lack of executive commitment, and lack of maintenance and post-launch support. (Deloitte)

7. More than four in 10 executives have “major” or “extreme” concerns about various types of AI risks, with “cybersecurity vulnerabilities” topping that list. (Deloitte)

8. 81% of organizations achieving strong AI outcomes reported that they usually or always address the cybersecurity risks of AI throughout a project’s life cycle. Only 68% of low-outcome organizations reported doing so. (Deloitte)

AI in cybersecurity

Cybersecurity products and processes are being transformed by AI. Learn how it’s impacting activities like threat detection and the market as a whole. 

9. The global market for AI-based cybersecurity products is estimated to reach $133.8 billion by 2030, up from $14.9 billion in 2021. (Acumen Research and Consulting)

10. 82% of IT decision-makers plan to invest in AI-driven cybersecurity in the next two years and almost half (48%) plan to invest before the end of 2023. (BlackBerry)

11. 64% of executives have implemented AI for security capabilities and 29% are evaluating implementation. Only 7% are not considering the use of AI for cybersecurity. (IBM and the American Productivity and Quality Center)

12. The use of security AI and automation jumped by nearly one-fifth in two years, from 59% in 2020 to 70% in 2022. (IBM) 

13. Organizations with fully deployed security AI and automation increased by six percentage points, from 25% to 31%, between 2021 and 2022 and by 10 percentage points, from 21% to 31%, between 2020 and 2022. (IBM) 

14. The share of organizations with no security AI and automation deployed decreased from 35% in 2021 to 30% in 2022 and has decreased from 41% in 2020, a difference of 11 percentage points. (IBM)

15. Leaders in security AI adoption reported they increased their return on security investment (ROSI) by 40% or more in 2021. (IBM and the American Productivity and Quality Center)

16. The top AI adopters in 2021 said AI plus automation helped them reduce their total cybersecurity costs by at least 15%. (IBM and the American Productivity and Quality Center)

17. The top applications for AI in cybersecurity are network security (75%), data security (71%), and endpoint security (68%). (Capgemini Research Institute)

18. 20% of organization leaders said that artificial intelligence (AI) and machine learning (20%) will have the greatest influence on their cyber risk strategies over the next two years. (World Economic Forum)

19. 69% of executives say that AI results in higher efficiency for cybersecurity analysts in the organization. (Capgemini Research Institute)

20. 69% of cybersecurity executives believe AI is necessary to effectively respond to cyberattacks. (Capgemini Research Institute)

21. 61% of organizations say that they will not be able to identify critical threats without AI. (Capgemini Research Institute)

22. 51% of executives say they make extensive use of AI in cyberthreat detection. 34% use it extensively for prediction and 18% for response. (Capgemini Research Institute)

23. The percentage of AI Adopters leveraging AI to support protection and prevention is expected to grow by approximately 40%, on average, in the next three years, with the same growth expected across detection and response. (IBM and the American Productivity and Quality Center)

AI and data breaches

Cyber attacks resulting in data being lost or compromised can severely impact an organization — but AI is lessening that impact. Find out how.

24. Using an AI platform was the number one factor associated with the highest cost decrease compared to the mean cost of a breach. Breaches at organizations with AI platforms had an average cost of $4.05 million, which was $300,075 less than the mean cost of a data breach of $4.35 million. (IBM) 

25. Breaches at organizations with fully deployed security AI and automation cost $3.05 million less than breaches at organizations with no security AI and automation deployed — a 65.2% difference in average breach cost. (IBM)

26. Organizations with high levels of use of security platforms that use AI had an average cost of a breach that was $2.39 million, or 55.3%, lower than those with low levels of use of an AI platform. (IBM) 

27. Leaders in security AI adoption reported they reduced data breach costs by at least 18% in 2021. (IBM and the American Productivity and Quality Center)

28. On average, companies with fully deployed security AI and automation are able to detect and contain a data breach 74 days faster than companies with no security AI and automation deployed. (IBM) 

29. 75% of cybersecurity executives say AI allows their organization to respond faster to breaches. (Capgemini Research Institute)

30. 69% of executives say that AI provides a higher accuracy of detecting data breaches. (Capgemini Research Institute)

AI as cyber threat

While AI can be a powerful tool for cyber defense, it can also be a powerful weapon for cyber crime. Learn more about how AI poses a threat in the wrong hands. 

31. 51% of IT professionals predict that a successful cyberattack will be credited to ChatGPT by 2024. (BlackBerry)

32. 53% of IT professionals said the top global concern is ChatGPT’s ability to help hackers craft more believable and legitimate sounding phishing emails. (BlackBerry)

33. 71% of IT professionals believe ChatGPT may already be in use by nation-states to attack other countries through hacking and phishing attempts. (BlackBerry)

34. 43% of cybersecurity executives reported an increase in machine-speed attacks (ie. ransomware and other automated attacks that propagate and/or mutate very quickly and are virtually impossible to neutralize using human-dependent response mechanisms). (Capgemini Research Institute)

35. In North America, the proportion of deepfakes more than doubled from 2022 to Q1 2023. (Fintech Finance News)

36. Experts believe that within the next five years, threat actors will create AI that can autonomously identify vulnerabilities, plan and carry out attack campaigns, use stealth to avoid defenses, and gather and mine data from infected systems and open-source intelligence. (Finnish Transport and Communications Agency, Finnish National Emergency Supply Agency, and WithSecure)

Tips for using AI to improve cybersecurity

Below are tips for using AI to enhance your organization’s security posture. 

1. Identify high-potential use cases for AI in cybersecurity. 

Whether you’re just starting to use AI, looking for ways to optimize it, or trying to justify more investment in AI in your cybersecurity program, it’s essential that you identify the high-potential use cases. These use cases will offer the most benefits to your organization and be the least complex to implement. 

Some examples might be intrusion detection, malware detection, data protection, and compliance.

High-potential use cases should be prioritized first. You can put high-value use cases with increasing complexity on your roadmap. 

2. Invest in security AI and automation to help improve detection and response times.

One of the best use cases for security AI and automation is the identification and containment of incidents and intrusion attempts. Using security technologies that can augment or replace human intervention will enable your organization to reduce processes driven by manual inputs, often across dozens of tools and complex, nonintegrated systems — or eliminate them entirely.

Investing in security AI and automation in this way can help significantly reduce average data breach costs and breach lifecycles. 

3. Train and upskill cyber analysts in AI

While AI can be used to detect threats among enormous data sets more efficiently than humans, organizations still need cyber analysts to improve the logic underpinning AI algorithms to close potential threat entry points. According to the survey by Capgemini Research Institute, half of the executives say that there is a lack of qualified cybersecurity experts who are capable of doing so. 

The key will be to train and upskill cyber analysts in AI so they have both the knowledge of the company and its key processes and the ability to integrate and validate AI along these processes as it is trying to secure them. 

Cyber analysts will also be essential in decision making and policy making as well as other tasks like creating detection criteria and researching emerging threats.

Organizations that invest in cyber analyst training and upskilling will be most able to leverage the skill of human expertise and the speed and scale of AI.

4. Take a multilayered approach to cybersecurity

You can’t rely on AI alone to protect your organization from cyber threats. You must incorporate it into a multilayered approach consisting of technology, people, and processes. 

In addition to AI, your organization’s cybersecurity strategy should include continuous monitoring, regular security awareness training, robust security policies, and cybersecurity talent management, among other security controls and tools.

Leverage security AI and automation with Secureframe

Security AI and automation has a tremendous impact on an organization’s ability to prevent and triage costly security incidents. Learn how Secureframe’s compliance automation platform can help your organization specifically by scheduling a demo today.