Report: 78 Percent of CISOs Seeing Significant Impact from AI-Powered Cyber Threats

Darktrace recently unveiled its 2025 State of AI Cybersecurity report. The findings reveal that 78% of Chief Information Security Officers (CISOs) surveyed say that AI-powered threats are having a significant impact on their organizations, a 5% increase1 from 2024. While an increasing number of CISOs report feeling a significant impact from AI threats, more than 60% now say that they are adequately prepared to defend against these threats, an increase of nearly 15% year-over-year. However, insufficient AI knowledge and skills and a shortage of personnel and talent continue to be listed as the two top inhibitors to a successful defense.

"The impact of AI on cybersecurity is clear and increasing. There are more employees and enterprise applications using AI that must be protected. Adversaries are using it to make their attacks more targeted, scalable, and successful. All of this is unfolding in a highly volatile geopolitical environment that is creating more uncertainty," said Jill Popelka, CEO, Darktrace. "There has never been a more urgent need for AI in the SOC to augment teams and pre-empt threats so organizations can build their cyber resilience. That's why Darktrace continues to invest in new innovations to help customers manage risk and thrive in this new era of AI threats."

The second annual report surveyed over 1,500 cybersecurity professionals holding roles ranging from CISO to IT security managers, IT security analysts and incident responders, across 14 different countries.

Key findings from the report include:

  • The increasing impact of AI-powered threats: This year, 78% of CISOs surveyed agreed that AI-powered cyber threats are having a significant impact on their organization, up 5% from 2024. AI combined with the increase of cybercrime-as-a-service and automation is increasing the sophistication and diversity of attack techniques faster than ever – from AI-enhanced phishing campaigns to evolving ransomware strains.
  • A gap between confidence in AI and comprehension of how it can be best deployed: 95% of all cybersecurity professionals surveyed believe AI can improve the speed and efficiency of their ability to prevent, detect, respond and recover from threats, but significant knowledge gaps persist. Only 42% reported that they fully understand the types of AI in their current security stack. The gap increases across different roles, with 60% of CISOs reporting they know exactly what AI types are used versus 10% of IT security analysts/operators and 14% of IT security administrators. Moreover, two of the top three inhibitors reported to defending against AI-powered threats include insufficient knowledge or use of AI-driven countermeasures and insufficient knowledge/skills pertaining to AI technology.
  • Teams are turning to AI to navigate talent and skills shortages: Despite respondents citing insufficient personnel to manage tools and alerts as the greatest inhibitor to defending against AI-powered threats, only 11% reported that they plan to increase cybersecurity staff in 2025, down from last year. AI is seen by this group as essential to augment human team members, with 64% reporting that they plan to add AI-powered solutions to their security stack in the next year and 88% reporting that the use of AI is critical to free up time for security teams to become more proactive.
  • Managing risk is a priority, but more action is needed: 95% of all respondents report that their organization is either currently discussing (50%) or has already implemented (45%) a formal policy for safe and secure use of AI. This varies regionally and by industry. 52% of organizations in North America and 43% of organizations in EMEA report having a formal policy in place. Organizations in the financial services, retail and technology sectors globally report the highest level of policies currently in place. At the same time, only 45% of respondents report that they have a formal AI oversight and governance function and only 37% report that they regularly monitor or audit AI usage and outputs.
  • Data privacy and a platform approach are top priorities: When asked about their cybersecurity technology preferences, respondents highlighted the importance of data privacy and a platform approach. Notably, 84% reported that they prefer solutions that don't require external data sharing and 87% indicated they prefer a platform approach over implementing a collection of point solutions.
  • Cloud and network security seen as key areas for future impact of AI: When asked to look ahead at the future impact of AI in cyber defense, cloud security (66%) and network security (55%) are identified as two domains where cybersecurity professionals expect defensive AI to have the biggest impact.

"The integrity and reliability of IT systems are under increasing pressure as adversaries harness Generative AI to amplify their attacks. The rapid evolution of AI-powered threats is forcing security teams to rethink their defensive strategies, as traditional cybersecurity measures can no longer match the speed, scale, and sophistication of modern attacks,” said Jon Mendoza, CISO of Technologent, a global provider of IT solutions and services for Fortune 1000 companies. “To stay ahead, organizations must integrate AI-driven security solutions that not only detect and respond to threats but proactively anticipate them. True resilience comes not just from deploying AI but from empowering security teams with the knowledge and tools to wield it effectively. A security platform built on actionable-intelligence and hyper-automation is essential to containing threats and minimizing the blast radius of attacks. In today’s ever-evolving threat landscape, AI isn’t just an advantage—it’s a fundamental necessity."

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services
  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.