
Brian Sims
Editor
Brian Sims
Editor
CYBER SECURITY teams are adopting a cautious approach towards Artificial Intelligence (AI) in the midst of much industry hype coupled with mounting pressure from business leaders to accelerate its adoption. That’s according to the results of a new survey conducted by ISC2.
While AI is widely promoted as a game-changer for security operations, only a small proportion of practitioners have integrated these tools into their daily workflows, with many remaining hesitant due to concerns over privacy, oversight and unintended risks.
Many Chief Information Security Officers (CISOs) remain cautious about AI adoption, citing concerns around privacy, oversight and the risks of moving too quickly. A recent survey of over 1,000 cyber security professionals found that just 30% of cyber security teams are currently using AI tools in their daily operations, while 42% are still evaluating their options. Only 10% said they have no plans to adopt AI at all.
Adoption is most advanced in industrial sectors (38%), IT services (36%) and professional services (34%). Larger organisations with more than 10,000 employees are further ahead on the adoption curve, with 37% of them actively using AI tools.
In contrast, smaller businesses (particularly so those with fewer than 99 members of staff or between 500 and 2,499 employees) show the lowest uptake, with only 20% using AI. Among the smallest organisations, 23% say they have no plans to evaluate AI security tools at all.
Potential versus escalating risks
Andy Ward, senior vice-president for international business at Absolute Security, commented: “The ISC2 research echoes what we’re hearing from CISOs globally. There’s real enthusiasm for the potential of AI in cyber security, but also a growing recognition that the risks are escalating just as fast. Our own research shows that over one-third (34%) of CISOs have already banned certain AI tools like DeepSeek entirely, driven by fears of privacy breaches and loss of control.”
Ward continued: “AI offers huge promise to improve detection, speed up response times and strengthen defences, but without robust strategies for cyber resilience and real-time visibility, organisations risk sleepwalking into deeper vulnerabilities. As attackers leverage AI to reduce the gap between vulnerability and exploitation, our defences must evolve with equal urgency. Now is the time for security leaders to ensure their people, processes and technologies are aligned or they risk being left dangerously exposed.”
Arkadiy Ukolov, co-founder and CEO at Ulla Technology Ltd, commented: “It’s no surprise to see security professionals taking a measured and somewhat cautious approach towards AI. While these tools bring undeniable efficiencies, privacy and control over sensitive data must come first. Too many AI solutions today operate in ways that risk exposing confidential information through third party platforms or unsecured systems.”
Ukolov continued: “For AI to be truly fit for purpose in the cyber security space, it must be built on ‘privacy first’ foundations whereby data remains under the user’s control and is processed securely within an enclosed environment. Protecting sensitive information demands more than advanced tech alone. It also demands ongoing staff awareness, training on AI’s use and a robust infrastructure that doesn’t compromise security.”
Benefits to be realised
Despite this caution, where AI has been implemented, the benefits are clear. 70% of those already using AI tools report positive impacts on their cyber security team’s overall effectiveness. Key areas of improvement include network monitoring and intrusion detection (60%), endpoint protection and response (56%), vulnerability management (50%), threat modelling (45%) and security testing (43%).
Looking ahead, AI adoption is expected to have a mixed impact on hiring. Over 50% of cyber security professionals believe that AI will reduce the need for entry-level roles by automating repetitive tasks.
However, 31% anticipate that AI will create new opportunities for junior talent or demand new skill sets, helping to rebalance some of the projected reductions in headcount. Encouragingly, 44% said their hiring plans have not yet been affected, although the same proportion report that their organisations are actively reconsidering the skills and roles required to manage AI technologies.
Dorset House
64 High Street
East Grinstead
RH19 3DE
UNITED KINGDOM
01342 31 4300