Most businesses are concerned about AI-enabled cyber-threats, with 93% of security leaders expecting to face daily AI-driven attacks by the end of 2024, according to a new report by Netacea.
Around two-thirds (65%) expect that offensive AI will be the norm for cybercriminals, used in most cyber-attacks.
The threat vector that respondents to the Netacea survey believe is most likely to be powered by AI is ransomware, cited by 48% of CISOs.
This was followed by phishing (38%), malware (34%), bot attacks (16%) and data exfiltration (13%).
These views closely align with the threat vectors security leaders see as the greatest cyber threat facing their business in the next six months: ransomware (36%), phishing (22%), malware (21%), bot attacks (11%) and data exfiltration (9%).
Netacea believes this shows businesses underestimate the impact bot attacks have, citing its 2023 survey in which enterprises reported that bots cost on average 4.3% of their online revenue.
The firm said this equates to 50 ransomware payouts for the largest businesses.
How Businesses Are Using AI in Cyber Defense
All organizations included in the survey have incorporated AI within their security stack to some degree, with 100% experiencing improved efficiency as a result.
Nearly two-thirds (61%) of respondents said AI has significantly decreased operational overheads.
Around three-quarters (73%) said AI deployment had significantly improved their security stack, and 27% said there had been a slight improvement.
The research found that AI adoption is weighted towards high impact attack protection, such as DDoS.
Cyril Noel-Tagoe, Principal Security Researcher at Netacea, said the findings show that both attackers and defenders will increasingly utilize AI to enhance their respective operations.
“AI is a means to an end. The attacker has an objective and will use any and all tools available to achieve it as quickly and cheaply as possible.
“However, we are still in the test and learn phase. And yes, that applies to both the attackers and the defenders. As attackers become more confident, and proven use cases emerge, we can expect an explosion of offensive AI. That will require a reciprocal explosion in defensive AI,” he explained.