AI and automation for cybersecurity

Leading AI Adopters are uniting technology and talent to boost visibility and productivity across security operations.

Faced with an onslaught of cyberthreats, today’s security teams must contend with a new operational reality.

Pandemic-accelerated digital transformation has led to more remote workers. More cloud users. More cloud providers. Essential systems integration across an ecosystem of partners. An astounding number of edge devices passing Internet of Things (IoT) data to the cloud. All interconnected and interdependent, delivering the speed, scale, and connectivity expected in our daily digital lives. And all radically expanding an organization’s attack surface for cyber criminals to exploit.

More threat vectors have emerged—from an unwitting supplier to a disgruntled employee. Hackers disrupt business and consumer services with phishing, exfiltration of data, denial of service, malware, and ransomware attacks. Some threat actors are even applying adversarial AI to unleash more efficient strikes. Cyberattacks are increasingly sophisticated—and they are costly. For example, the average cost of a data breach reached an all-time high of $4.24 million in 2021.

Adopting AI-powered automation can help cybersecurity teams drive improved insights, productivity, and economies of scale.

The net result is a stark realization for many executives: modern digital operations are driving value but also creating new vulnerabilities. Cybersecurity professionals must adopt a more preventative, proactive posture for protecting core business operations.

To position their teams for success, they need to bring together disparate data sets and security tools while addressing the skills gaps in their limited cybersecurity resources. Our research suggests that leading organizations are pursuing a forward-looking approach to threat management, adopting AI-powered automation to drive improved insights, productivity, and economies of scale.

To understand how AI is being used to support security operations and to quantify its impact on cybersecurity performance, the IBM Institute for Business Value (IBV) partnered with APQC (American Productivity and Quality Center) to survey 1,000 executives with overall responsibility for their organization’s IT and operational technology (OT) cybersecurity systems. Respondents described their initiatives to use AI technology to support security operations and manage protection, prevention, detection, and response processes.

AI for cybersecurity is gaining traction

Overall, the majority of executives—globally and across industries—are adopting or are considering adoption of AI as a security tool. 64% of respondents have implemented AI for security capabilities and 29% are evaluating implementation.

Only 7% of respondents are not considering the use of AI for cybersecurity.

We refer to the 64% who are currently piloting, implementing, operating, or optimizing security AI solutions as the “AI Adopters.” They report AI applications have delivered significant positive impacts on their security outcomes. These include the ability to triage Tier 1 threats more effectively, detect zero-day attacks and threats, and reduce false positives and noise that require human analyst inspection.

AI advantage: AI Adopters improve performance by using AI for critical capabilities

AI Adopters improve performance by using AI for critical capabilities

The AI Adopters are successfully pairing AI systems with human intelligence to extend their visibility across a rapidly expanding digital landscape of apps and endpoints. In fact, 35% rank endpoint discovery and asset management as one of their top AI use cases now, with plans to increase usage to almost 50% in 3 years.

Facing a talent shortage, organizations are also turning to artificial intelligence to boost productivity of their overstretched resources. AI plus automation can help teams better manage the sheer volume and speed of security threats. 34% of AI Adopters say threat detection is one of their top AI use cases today, helping them gain efficiency from real-time detection of abnormalities. They also rank automated detection and response and threat intelligence as important applications, with plans to increase their use of AI for these capabilities in the next 3 years.

AI plus automation offers opportunities

Top-performing AI Adopters illustrate the potential for AI to transform cyber defense operations. Their use of AI has helped reinforce network security by monitoring 95% of network communications and 90% of endpoint devices for malicious activity and vulnerabilities. They estimate that AI is helping them detect threats 30% faster. They are also significantly improving response times to incidents and the time to investigate. And their return on security investment (ROSI) has jumped 40% as well.

Read the report to explore more positive impacts AI-powered cybersecurity solutions are delivering inside the security operations centers of leading Adopters. And review the action guide for steps you can take to drive performance and relieve pressure on overextended security teams using AI for cybersecurity.

Bookmark this report  

Meet the authors

Sridhar Muppidi

Connect with author:

, IBM Fellow, Vice President and Chief Technical Officer, IBM Security

Lisa Fisher

Connect with author:

, Global Benchmark Research Leader, IT, security, and cloud, and Global Research Leader, Middle East and Africa, IBM Institute for Business Value

Gerald Parham

Connect with author:

, Global Research Leader, Security and CIO, IBM Institute for Business Value

Download report translations

Originally published 03 June 2022