Report: 78 Percent of CISOs Seeing Significant Impact from AI-Powered Cyber Threats

Darktrace recently unveiled its 2025 State of AI Cybersecurity report. The findings reveal that 78% of Chief Information Security Officers (CISOs) surveyed say that AI-powered threats are having a significant impact on their organizations, a 5% increase1 from 2024. While an increasing number of CISOs report feeling a significant impact from AI threats, more than 60% now say that they are adequately prepared to defend against these threats, an increase of nearly 15% year-over-year. However, insufficient AI knowledge and skills and a shortage of personnel and talent continue to be listed as the two top inhibitors to a successful defense.

"The impact of AI on cybersecurity is clear and increasing. There are more employees and enterprise applications using AI that must be protected. Adversaries are using it to make their attacks more targeted, scalable, and successful. All of this is unfolding in a highly volatile geopolitical environment that is creating more uncertainty," said Jill Popelka, CEO, Darktrace. "There has never been a more urgent need for AI in the SOC to augment teams and pre-empt threats so organizations can build their cyber resilience. That's why Darktrace continues to invest in new innovations to help customers manage risk and thrive in this new era of AI threats."

The second annual report surveyed over 1,500 cybersecurity professionals holding roles ranging from CISO to IT security managers, IT security analysts and incident responders, across 14 different countries.

Key findings from the report include:

  • The increasing impact of AI-powered threats: This year, 78% of CISOs surveyed agreed that AI-powered cyber threats are having a significant impact on their organization, up 5% from 2024. AI combined with the increase of cybercrime-as-a-service and automation is increasing the sophistication and diversity of attack techniques faster than ever – from AI-enhanced phishing campaigns to evolving ransomware strains.
  • A gap between confidence in AI and comprehension of how it can be best deployed: 95% of all cybersecurity professionals surveyed believe AI can improve the speed and efficiency of their ability to prevent, detect, respond and recover from threats, but significant knowledge gaps persist. Only 42% reported that they fully understand the types of AI in their current security stack. The gap increases across different roles, with 60% of CISOs reporting they know exactly what AI types are used versus 10% of IT security analysts/operators and 14% of IT security administrators. Moreover, two of the top three inhibitors reported to defending against AI-powered threats include insufficient knowledge or use of AI-driven countermeasures and insufficient knowledge/skills pertaining to AI technology.
  • Teams are turning to AI to navigate talent and skills shortages: Despite respondents citing insufficient personnel to manage tools and alerts as the greatest inhibitor to defending against AI-powered threats, only 11% reported that they plan to increase cybersecurity staff in 2025, down from last year. AI is seen by this group as essential to augment human team members, with 64% reporting that they plan to add AI-powered solutions to their security stack in the next year and 88% reporting that the use of AI is critical to free up time for security teams to become more proactive.
  • Managing risk is a priority, but more action is needed: 95% of all respondents report that their organization is either currently discussing (50%) or has already implemented (45%) a formal policy for safe and secure use of AI. This varies regionally and by industry. 52% of organizations in North America and 43% of organizations in EMEA report having a formal policy in place. Organizations in the financial services, retail and technology sectors globally report the highest level of policies currently in place. At the same time, only 45% of respondents report that they have a formal AI oversight and governance function and only 37% report that they regularly monitor or audit AI usage and outputs.
  • Data privacy and a platform approach are top priorities: When asked about their cybersecurity technology preferences, respondents highlighted the importance of data privacy and a platform approach. Notably, 84% reported that they prefer solutions that don't require external data sharing and 87% indicated they prefer a platform approach over implementing a collection of point solutions.
  • Cloud and network security seen as key areas for future impact of AI: When asked to look ahead at the future impact of AI in cyber defense, cloud security (66%) and network security (55%) are identified as two domains where cybersecurity professionals expect defensive AI to have the biggest impact.

"The integrity and reliability of IT systems are under increasing pressure as adversaries harness Generative AI to amplify their attacks. The rapid evolution of AI-powered threats is forcing security teams to rethink their defensive strategies, as traditional cybersecurity measures can no longer match the speed, scale, and sophistication of modern attacks,” said Jon Mendoza, CISO of Technologent, a global provider of IT solutions and services for Fortune 1000 companies. “To stay ahead, organizations must integrate AI-driven security solutions that not only detect and respond to threats but proactively anticipate them. True resilience comes not just from deploying AI but from empowering security teams with the knowledge and tools to wield it effectively. A security platform built on actionable-intelligence and hyper-automation is essential to containing threats and minimizing the blast radius of attacks. In today’s ever-evolving threat landscape, AI isn’t just an advantage—it’s a fundamental necessity."

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.