Al has become a cornerstone of modern cybersecurity. Vendors across the cybersecurity spectrum emphasize Al-driven features in their products and services, reinforcing the message that Al is now an essential component of effective cyber defense.
Sophos, a British security software and hardware company in its latest report titled, “Beyond the Hype: The Business Reality of AI for Cybersecurity”, explores the use of AI in cybersecurity, with a particular focus on generative AI. The report provides insights into AI adoption, desired benefits, and levels of risk awareness based on findings from a survey of 400 IT and cybersecurity leaders working in small and mid-sized organizations.
In the report, a vast majority of organizations, specifically 98%, disclosed that they have integrated some form of Artificial Intelligence (AI) into their cybersecurity strategies. This widespread adoption highlights the increasing recognition of Al’s crucial role in safeguarding digital assets in today’s complex threat landscape.
Register for Tekedia Mini-MBA edition 17 (June 9 – Sept 6, 2025) today for early bird discounts. Do annual for access to Blucera.com.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register to become a better CEO or Director with Tekedia CEO & Director Program.
73% use cybersecurity solutions that include deep learning models, 65% use cybersecurity solutions that include GenAI capabilities, and 34% use GenAI in-house to elevate their cybersecurity. Sophos noted that AI adoption is likely to become near universal within a short time frame, with AI capabilities now on the requirements list of 99% of organizations when selecting cybersecurity platforms.
The survey reveals that organizations seek a variety of benefits from GenAl, with the most common objectives being improved cyber protection and enhanced business performance (both financial and operational). Additionally, organizations believe that incorporating GenAl in cybersecurity solutions provides peace of mind, ensuring they remain equipped with the latest defense mechanisms.
Interestingly, reduction in employee burnout ranked lowest among desired benefits, despite the well-documented shortage of cybersecurity professionals. However, smaller organizations (50-99 employees) view burnout reduction as a top priority, likely due to their limited workforce, which makes staff absences more disruptive. Meanwhile, mid-sized organizations (100-249 employees) prioritize better returns on cybersecurity investments, and larger organizations (1,000-3,000 employees) place the highest value on improved protection against cyber threats.
As Al adoption nears universal levels, the report noted that organizations must prioritize understanding its risks and the necessary mitigation strategies to enhance their security posture effectively.
Defense Risk: The Pitfalls of Poor Al Implementation
With cyber threat mitigation being a primary driver for GenAl adoption, organizations recognize the risks posed by low-quality or poorly implemented Al models. Alarmingly, 89% of IT and cybersecurity professionals’ express concerns over potential flaws in Al-driven security tools, with 43% being extremely concerned and 46% somewhat concerned.
In response, nearly all organizations (99%) assess the security processes behind GenAl-enabled cybersecurity solutions before adoption. However, despite high confidence in these assessments, the report suggests that many organizations have a critical blind spot. Evaluating GenAl development processes requires transparency from vendors and expertise in Al assessment, both of which are often lacking. This knowledge gap means many organizations may not fully understand what they do not know about Al security risks.
Organizations expect GenAl to enhance cybersecurity while reducing overall costs. However, the development and maintenance of high-caliber GenAl capabilities come at a significant expense. Notably, 80% of IT and cybersecurity leaders anticipate a rise in cybersecurity product costs due to GenAl integration. Despite this, 87% of organizations believe that the savings generated by GenAl-powered cybersecurity solutions will outweigh their costs.
This confidence in positive RI increases with company revenue, with organizations earning $500M+ being 48% more likely to strongly agree that GenAl costs will be offset by savings compared to those with revenues below $10M. However, tracking Al expenditures remains a challenge, as GenAl costs are often embedded within broader cybersecurity budgets. A staggering 75% of respondents find these costs difficult to quantify, with organizations earning $500M+ being 40% more likely to struggle with this issue compared to those earning less than $10M.
Operational Risk: Over-Reliance on Al
Al’s growing presence in cybersecurity may lead to an overdependence on automated systems, potentially reducing human oversight and accountability.
Most organizations acknowledge these risks:
84% express concern about Al-driven pressure to reduce cybersecurity workforce numbers (42% extremely concerned, 41% somewhat concerned).
87% worry about diminished accountability in cybersecurity operations due to over-reliance on Al (37% extremely concerned, 50% somewhat concerned).
Conclusion
The report underscores the growing reliance on Al-powered solutions to combat evolving cyber threats, automate security processes, and enhance overall cybersecurity posture. As cyberattacks become more sophisticated and frequent, organizations are turning to Al to augment their defenses and stay ahead of potential breaches.
While Al, particularly GenAl, presents significant opportunities for enhancing cybersecurity, organizations must be vigilant about its risks.