Nine in every 10 (89%) of IT leaders are concerned that flaws in generative AI cybersecurity tools could put their organisation at risk, even if two-thirds 65% have adopted generative AI capabilities, according to a report from Sophos.
Sophos commissioned independent research specialist Vanson Bourne to survey 400 IT security decision makers in enterprises with between 50 and 3,000 employees in November 2024.
All respondents worked in the private or charity/not-for-profit sector and currently use endpoint security solutions from 19 separate vendors and 14 MDR providers.
Additionally, new Sophos X-Ops research found that, while there’s still skepticism about generative AI, some criminals are using it to automate mundane tasks, such as crafting bulk emails and analysing data. Others are incorporating it into spam and social engineering toolkits.
“We have not actually taught the machines to think; we have simply provided them the context to speed up the processing of large quantities of data,” said Chester Wisniewski, director of global field CTO, Sophos.
“The potential of these tools to accelerate security workloads is amazing, but it still requires the context and comprehension of their human overseers for this benefit to be realised,” said Wisniewski.
With some form of AI embedded in the cybersecurity infrastructure of 98% of enterprises surveyed, IT leaders expressed concern about potential over-reliance on AI, with 87% of respondents stating they were concerned about a resulting lack of cybersecurity accountability.
Different-sized enterprises expressed different priorities for utilising generative AI. While large firms (those with more than 1,000 employees) are prioritising improved protection, respondents with 50-99 employees rated reducing burnout as their top desired benefit from generative AI tools.
However, complicating matters, across all sizes of enterprises, 84% of leaders surveyed said they were concerned about pressure to reduce cybersecurity professional headcount due to unrealistic expectations about AI’s abilities to replace human operators.
Findings also show that 75% of IT leaders agree that the costs of generative AI in cybersecurity products are hard to quantify.
Also, while 80% of IT leaders believe that generative AI will significantly increase the cost of cybersecurity tools, most enterprises believe it offers a path to lowering overall cybersecurity expenditure with 87% of respondents believing the savings of generative AI will offset the costs.