Global company leaders see emerging Artificial Intelligence (AI) and machine learning (ML) technologies as the biggest looming threat to cybersecurity. They are focusing future cyber investments on detection and prevention rather than remediation, according to new survey research from Information Services Group (ISG), a leading global technology research and advisory firm.
Interestingly, both AI and ML are hot technologies at present. A report by Grand View Research pegged the global AI market size at $136.55 billion in 2022 and is projected to expand at a compound annual growth rate (CAGR) of 37.3% from 2023 to 2030. The global ML market was valued at $36.73 billion in 2022 and is expected to grow at a compound annual growth rate (CAGR) of 34.8% from 2023 to 2030.
The ISG Cybersecurity Buyer Behaviour Study of more than 200 global IT and enterprise executives found that 95 per cent of respondents reported multiple cyberattacks and incidents in their companies over the previous 12 months. The most common incidents were phishing, cited by three-quarters (74 per cent) of respondents, malware (60 per cent) and software vulnerabilities, which affected 50 per cent of survey participants.
The study also found phishing, ransomware and third-party vulnerabilities were the most challenging attacks for responding enterprises to remediate.
“The number-one security risk organisations expect over the next two years is the evolving threat from AI and ML, listed as a top threat by 56 per cent of respondents,” said Alex Bakker, ISG Distinguished Analyst and author of the study. “Even as they face ongoing phishing and software-related attacks, senior enterprise leaders are doubling down on prevention over remediation as they prepare for more sophisticated and harder-to-detect attacks.”
The perceived risk from AI and machine learning is particularly strong in banking and financial services firms, where nearly 80 per cent of participants highlighted emerging technology as a top-three challenge. Ransomware and cloud-based threats also remain an important focus for 46 per cent and 45 per cent of security decision-makers in all industries, respectively.
The average security budget increased by 4.64 per cent in 2023 over 2022against an ever-wider set of priorities for CISOs and their teams. The study found that typical security budgets are around 0.8 per cent of overall organisational revenue, rising to one per cent of revenue for the largest organisations (those with 100,000 or more employees). While other department budgets are decreasing by approximately seven per cent year-on-year, annual security budgets continue to increase at around four to five per cent per annum.
In terms of future mitigation, companies were most likely to focus on protection and increased training rather than improvements to response and recovery. Around half of enterprise budgets are allocated for threat detection and prevention (approximately 25 per cent each), and 30 per cent is allocated to response and recovery.
”