The rapid adoption of artificial intelligence (AI) is increasingly seen as pivotal to bolstering cybersecurity resilience amid escalating threats, yet a significant gap persists between recognition and implementation. A comprehensive study conducted by MeriTalk and the RSA Conference reveals a complex landscape where enthusiasm for AI’s potential in cybersecurity is tempered by cautious implementation and trust issues.
The research, drawing on both qualitative insights from five senior cybersecurity leaders and quantitative data from 200 decision-makers across federal and private sectors, highlights a pressing consensus: 80% of cybersecurity leaders deem accelerating AI adoption critical to their organizations' defensive capabilities. However, only 31% of these organizations currently utilize AI technologies.
Despite the general consensus on the importance of AI, there is significant hesitancy when it comes to handing over complete control. Only 20% of cybersecurity professionals fully trust AI to autonomously make cybersecurity decisions. The preferred model emerging from the study suggests a collaborative approach where humans and AI work in tandem. Most leaders envision AI handling data-intensive tasks such as cyber risk assessments and threat detection, while humans retain control over strategic planning, innovation, and governance.
The study also uncovers a worrying lack of preparedness for AI-driven cybersecurity threats, with just 30% of respondents feeling their organizations are adequately equipped. This gap is exacerbated by a shortage of skilled personnel capable of implementing AI solutions, concerns about the integrity and quality of data, and fears of heightened attacks targeting new AI models and services.
Policies governing AI use in cybersecurity also appear to be lagging, with less than half of the organizations having established formal guidelines for ethical considerations, program testing, or decision-making models. Furthermore, only 40% have policies tailored to protect critical infrastructure.
Integrating AI into Cybersecurity
Industry experts stress the importance of developing robust frameworks to safely integrate AI into cybersecurity operations. Nicole Burdette, a Principal at MeriTalk, emphasized that while AI applications such as machine learning and natural language processing are evolving from enhancements to necessities, the focus must now shift to implementing appropriate safeguards. “Organizations are already benefiting from AI in detecting vulnerabilities and speeding up response times to incidents. The next six to twelve months will be crucial in setting up the right guardrails to maximize these benefits while mitigating risks,” said Burdette.
Britta Glade, Vice President of Content & Curation at RSA Conference, echoed this sentiment, noting the transformative impact of AI on the industry. “We are just beginning to grasp the profound changes AI brings to our teams and tools. It's imperative that organizations strategically assess and define the limits and safeguards for AI integration into their workflows,” said Glade.
The findings reflect a dual narrative of optimism and caution among cybersecurity professionals regarding the future of human-AI collaboration. While the potential for AI to enhance efficiency, spur innovation, and strengthen security is broadly recognized, the concerns over safety, ethical implications, and responsible development loom large, outlining the complex journey ahead in harnessing AI's full potential in cybersecurity.
The following recommendations are made by the report to organizations in order to maximize the cyber impact of artificial intelligence:
- Start with more interpersonal interaction and teamwork
- Stress the need of an ongoing learning culture
- Analyze AI application cases in terms of risk, mission value, and technological maturity
- Include AI security right from the start
- Be realistic about expectations
- Prioritize comprehensive testing and assessments
- Embrace change
In the area of Government IT, MeriTalk’s editorial board, events staff, and research team generate news, analysis, and insights. An increasingly effective, responsive, and citizen-focused government is the aim. MeriTalk reaches out to 160,000 Federal community connections.
The RSA Conference is a worldwide gathering place for cybersecurity professionals to study all year long. The goal of the RSA Conference, which takes place both in-person and virtually, is to unite the cybersecurity community and enable ‘we’ to fend off global cyberthreats.
