CISOs witnessing “significant impact” from AI-powered cyber threats

While an increasing number of CISOs report feeling a significant impact from AI threats, more than 60% now say that they are adequately prepared to defend against such threats. This is an increase of nearly 15% year-over-year. However, insufficient AI knowledge and skills, plus a shortage of personnel and skills, continue to be listed as the two top inhibitors to a successful defence.

“The impact of AI on cyber security is clear and increasing,” said Jill Popelka, CEO at Darktrace. “There are more employees and enterprise applications using AI that must be protected. Adversaries are using AI to make their attacks more targeted, scalable and successful. All of this is unfolding in a highly volatile geopolitical environment that’s creating more uncertainty.”

Poplka continued: “There has never been a more urgent need for AI in the Security Operations Centre to augment teams and pre-empt threats so that organisations can build their cyber resilience. That’s precisely why Darktrace continues to invest in new innovations in order to help customers manage risk and thrive in this new era of AI threats.”

Key findings 

The report is based on a survey of over 1,500 cyber security professionals holding roles ranging from CISO to IT security manager, IT security analyst and incident response specialist across 14 different countries.

Key findings from the report include the following:  

The increasing impact of AI-powered threats

This year, 78% of CISOs surveyed agreed that AI-powered cyber threats are having a significant impact on their organisation, which is up 5% from 2024. AI combined with the increase in Cyber Crime-as-a-Service and automation is increasing the sophistication and diversity of attack techniques faster than ever, from AI-enhanced phishing campaigns to evolving ransomware strains.

Gap between confidence in AI and comprehension of how it can be best deployed

95% of all cyber security professionals surveyed believe AI can improve the speed and efficiency of their ability to prevent, detect, respond to and recover from threats, but significant knowledge gaps persist. Only 42% reported that they fully understand the types of AI in their current security stack.

The gap increases across different roles, with 60% of CISOs reporting they know exactly what AI types are used versus 10% of IT security analysts/operators and 14% of IT security administrators.

Moreover, two of the top three inhibitors reported in defending against AI-powered threats include insufficient knowledge or use of AI-driven countermeasures and insufficient knowledge/skills pertaining to AI technology.

Teams are turning to AI to navigate talent and skills shortages

Despite respondents referencing insufficient personnel to manage tools and alerts as the greatest inhibitor in defending against AI-powered threats, only 11% reported that they plan to increase their cyber security staff cohort in 2025, which is down from last year.

AI is seen by this group as essential to augment human team members, with 64% reporting that they plan to add AI-powered solutions to their security stack in the next year and 88% reporting that the use of AI is critical to free up time for security teams to become more proactive.

Managing risk is a priority, but more action is needed

95% of all respondents report that their organisation is either currently discussing (50%) or has already implemented (45%) a formal policy for safe and secure use of AI.

This varies regionally and by industry. 52% of organisations in North America and 43% of organisations in the EMEA region report having a formal policy in place. Organisations in the financial services, retail and technology sectors globally report the highest level of policies currently in place.

At the same time, only 45% of respondents report that they have a formal AI oversight and governance function and only 37% report that they regularly monitor or audit AI usage and outputs.

Data privacy and a platform approach are top priorities

When asked about their cyber security technology preferences, respondents highlighted the importance of data privacy and a platform approach. Notably, 84% reported that they prefer solutions that don’t require external data sharing, while 87% indicated they prefer a platform approach over implementing a collection of point solutions.

Cloud and network security seen as key areas for future impact of AI

When asked to look ahead at the future impact of AI in cyber defence, cloud security (66%) and network security (55%) are identified as two domains where cyber security professionals expect defensive AI to have the biggest impact.

“The integrity and reliability of IT systems are under increasing pressure as adversaries harness Generative AI to amplify their attacks,” said Jon Mendoza, CISO of Technologent. “The rapid evolution of AI-powered threats is forcing security teams to rethink their defensive strategies as traditional cyber security measures can no longer match the speed, scale and sophistication of modern attacks.”

Mendoza added: “To stay ahead, organisations must integrate AI-driven security solutions that not only detect and respond to threats, but proactively anticipate them. True resilience comes not just from deploying AI, but also from empowering security teams with the knowledge and tools they require to wield it effectively.”

Further, Mendoza noted: “A security platform built on actionable intelligence and hyper-automation is essential for containing threats and minimising the blast radius of attacks. In today’s ever-evolving threat landscape, AI isn’t just an advantage. It’s a fundamental necessity.”

*Download the full 2025 State of AI Cyber Security Report online