According to a report from MixMode, while AI is increasingly being applied in the cybersecurity field, large-scale implementation remains challenged by a lack of expertise, budget, and trust.
The report, commissioned through the Ponemon Institute, surveyed 641 U.S. IT and security professionals to understand the current state of AI in cybersecurity and found that adoption is still in its infancy.
“All respondents are involved in and responsible for detecting and responding to potentially malicious content and threats targeting their organization's information systems and IT security infrastructure,” MixMode said in the report. It is stated in “They also have some responsibility for evaluating and/or selecting AI-based cybersecurity tools and vendors.”
More than half (52%) of survey respondents work at supervisory level or above, with a significant portion of the total coming from the financial services (18%), industrial and manufacturing (12%), and retail (9%) sectors . .
Strengthen defense through early introduction
The survey found that 52% of respondents agree, placing AI adoption in cybersecurity at an early stage, with only 18% saying AI tools and practices are fully mature. was.
Defensive AI is emerging as an important AI use case, with 58% of respondents saying their organizations are investing in AI to thwart AI-based attacks. Overall, 69% believe defensive AI is essential to blocking “targeted attacks at unprecedented speed and scale” that evade traditional rules-based detection.
The study found that the most valuable applications for AI are threat intelligence and threat detection, with 65% of respondents saying they use AI to track suspicious IPs, hostnames, and file hashes; said they use it for threat detection and create rules based on AI. Known threat patterns and indicators.
Half of respondents said AI helped improve their overall security posture through prioritizing threats and vulnerabilities, and 46% said AI helped identify application security vulnerabilities.
Economic benefits are also largely due to the use of AI, with 63% of respondents saying AI helped reduce cybersecurity operational costs. A significant number of respondents said it helped increase revenue (55%) and productivity (52%).
Lack of expertise and budget are current challenges
The two main barriers include the inability to apply enterprise-wide AI controls (61%) and lack of interoperability between AI tools (60%) or with legacy systems (65%).
A large portion of these challenges can be attributed to a lack of expertise, with 53% of respondents citing a lack of in-house expertise to verify vendor claims as one of their challenges. This was revealed in the investigation. Struggling to identify key areas for AI deployment also emerged as a challenge, with only 44% of respondents saying they could accurately deploy it.
54% of respondents say their organization needs external expertise to take advantage of AI-based security tools, and half of respondents say they need external expertise to fill a gap in cybersecurity expertise within their organization. admitted that it is introducing AI.
A lack of cybersecurity budget was also cited as a major concern by 56% of respondents, and an additional 42% said they don't have enough time to integrate AI-based technologies into their security workflows. 56% of respondents acknowledged systemic distrust of AI decision-making, and the remaining 52% found it difficult to protect sensitive and personal data used by AI.
The report found that only 49% of responding organizations have an organization-wide task force to manage AI risk, recommending having an enterprise-wide strategy for AI adoption. . 37% of respondents said their company has one unified approach to both AI and privacy security risks.