Is AI now essential for cybersecurity?

John Leonard
clock • 2 min read

The increasing sophistication and automation of attacks is leading to an AI arms race, but RoI is hard to prove

With the growing range of automated attacks, ransomware and APTs from criminal gangs, state actors and collaborations between the two, it's no wonder that security teams feel they need a little help.

As part of a programme of research into security solutions for Computing Delta, we asked 130 IT leaders who had deployed or were looking to deploy AI-enhanced cybersecurity tools to gauge how much they agreed with this statement: ‘AI-enhanced cybersecurity is necessary to operate in today's threat landscape'.  

On a seven-point scale, the average level of agreement was 5.5 - or about 80 per cent. AI was generally deemed to be necessary in view of the increasing use of automation by attackers but insufficient on its own, adding to rather than replacing existing defences.

"Most cybersecurity extensions now are additive - you very rarely see something which is a replacement", said a CIO in higher education.

"I would never have that alone. I use it on top of what I already have", added a director of technology in the public sector.

However, an IT director from an architectural firm noted that the cost of some AI-enhanced security solutions means that retaining the other protections may not be possible: "We'd use it with other layers for testing, but when it comes to implementation that would be my whole budget gone."

Most agreed that increased automation is essential, particularly in network, email and endpoint defences, but difficulties around measuring the effectiveness of AI-enhanced solutions, the newness of the market and generally high costs currently make them hard to justify in terms of RoI when making a case to the finance director.

But with security tools this is nothing new. Organisations tend to be wise after the fact when either they or another firm like them - an Experian or Travelex for example - have become a victim.

Base: 130 UK IT leaders using or trialling AI-enhanced security tools

Minimising corporate risk was one of the main drivers, just after staying ahead of the threat landscape. Third was easing the burden on IT - a big promise of AI is that by learning what anomalies look like it can potentially reduce the number of alerts and the amount of manual processing. However, a large majority of those we spoke to said they'd be reluctant to dial up the levels of autonomy just yet, at least for the on-premises systems fully under their control. Handing decisions over to machines is a stepwise approach.

"The term ‘AI-enhanced' is about right for now," said the CIO in higher education. "You've got cybersecurity tools and you start to AI-enhance them, and then in the future, you might just have AI cybersecurity solutions without the ‘enhancement' bit."

AI-enhanced security solutions will be a topic under discussion next week at our virtual Deskflix event: Cybersecurity: new threats, new approaches. Click here for a full agenda.


Most read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security Technology

Qualys announces service to help organisations comply with UK NCSC cyber guidance

Qualys announces service to help organisations comply with UK NCSC cyber guidance

NCSC advises patching window of 5-7 days; UK currently stands at 15-17 days MTTR.

John Leonard
clock 17 April 2024 • 3 min read
Checkmarx: 'It's very difficult for CISOs to know how to safely incorporate genAI'

Checkmarx: 'It's very difficult for CISOs to know how to safely incorporate genAI'

'It’s an unfortunate reality that developers have not traditionally been big fans of security'

clock 26 March 2024 • 5 min read
UK's biometrics commissioners steps down, signalling missteps

UK's biometrics commissioners steps down, signalling missteps

Home Office is ignoring new technologies

Muskan Arora
clock 31 January 2024 • 4 min read