Cybersecurity Turns to AI Amid Generative AI Threat Surge: EY

The integration of AI into cybersecurity operations is no longer optional but a strategic necessity, writes EY in a new report. The company indicates that corporations are implementing these technologies to automate defense and optimize incident response. However, this rapid business adoption of Generative AI simultaneously introduces significant new vulnerabilities into the corporate ecosystem.

The fundamental reason behind this technological shift is the inability to manage the volume and sophistication of current threats using traditional methods. The financial system, for example, faces a number of security events that exceeds human capacity.

"We would not be able to manage that volume without ML and AI," says Gajan Ananthapavan, Global Head of Security Operations, Intelligence, and Influence, Australia and New Zealand Banking Group Limited (ANZ Bank). According to the EY report, this scenario highlights the growing reliance on intelligent automation to maintain operational resilience. The automation of about 30% of incident response at the bank, driven by machine learning and AI, provides a concrete and measurable use case.

The cybersecurity environment is characterized by a persistent shortage of specialized talent and a constantly expanding attack surface. In this scenario, efficiency becomes the primary performance indicator.

The EY report identifies a group of organizations it calls "Security Creators," which are distinguished by their mature cybersecurity functions. These entities demonstrate superior technological adoption: 62% of them already use or are in the final stages of implementing AI and machine learning, compared to 45% of other organizations.

This adoption gap translates into disparate operational results. The report says that "Security Creators" achieve cyber incident detection and response times that are over 50% faster than their peers. Proactive AI integration not only optimizes defense but also redefines the resource model, allowing these corporations to anticipate threats with less reliance on personnel and more efficient capital allocation.

AI is solidifying its role as the technological cornerstone of cybersecurity research and development. Data from the EY report shows it has been part of 59% of all cybersecurity patents since 2017.

Report Details and Projections

The implementation of AI in cybersecurity processes primarily covers incident detection, response and recovery. The quantitative benefits are significant. A CISO from a large asset management corporation in North America reported a reduction of at least 50% in the mean time to detect and respond. In terms of workdays, the "Security Creators" saved an average of more than 150 days in the full data breach management cycle.

Preliminary analysis from EY points to efficiency gains from using AI in cyber defense that can range from 15% to 40%. This frees up critical resources that can be reallocated to strategic initiatives.

However, this transition is not without challenges. The primary warning for security leaders is the need to prepare existing infrastructure before scaling AI implementation. The report urges corporations to transform their technology stack before adopting automation and Generative AI. The consolidation of legacy infrastructures and the reduction of complexity are therefore essential prerequisites to maximize the return on AI investment.

Simultaneously, the rise of Generative AI in business functions creates a new risk vector. While cybersecurity teams focus on using AI for defense, the rest of the organization adopts Generative AI tools without adequate safeguards. This generates vulnerabilities that many security functions are not yet prepared to mitigate and positions the CISO in a crucial role: to evolve from a technological gatekeeper to a strategic enabler of digital transformation.

Going forward, CISOs are expected to take on the responsibility of guiding other business areas in integrating cybersecurity controls within their own AI models. In doing so, they not only protect the corporation but also enable a broader and more secure adoption of technology, generating value across the entire enterprise.