The State of AI in Cybersecurity Report by StrongDM

Artificial intelligence is reshaping industries across the board, and cybersecurity is no exception. But as AI evolves, so do the threats that keep cybersecurity professionals up at night. Just how serious is the concern? According to a StrongDM survey of 600 cybersecurity professionals, AI-driven threats are emerging as one of the top concerns for the future of cybersecurity. Here’s what we discovered.

Summary of Our Key Findings:

76% of Cybersecurity Professionals Believe AI Should be "Heavily Regulated"

As AI capabilities grow, so do concerns about its potential misuse. We wanted to see how professionals feel about the need for AI regulation.

A substantial 76% of respondents agree that AI should be "heavily regulated" to prevent misuse and mitigate potential risks. However, 15% of respondents disagreed, suggesting that over-regulation could stifle innovation and slow down AI’s potential to revolutionize cybersecurity defenses.

This highlights a critical balance between safety and progress. Clear guidelines are needed to prevent AI abuse while still enabling technological growth. The industry must find a middle ground that ensures security without hindering innovation.

87% of Cybersecurity Professionals Are Concerned About AI-Driven Threats

AI is becoming a key part of cybersecurity, but it's also fueling concerns about new kinds of attacks. We wanted to see how worried professionals are about AI-driven threats.

The vast majority of survey respondents—87%—express concerns about the rise of AI-powered attacks. Among them, 39% are "very concerned," pointing to the immediate and significant risks that AI presents. Meanwhile, 48% are "somewhat concerned," recognizing both the opportunities and risks AI brings to the table.

Only a small fraction—7%—believe that AI will enhance security more than it harms, and a mere 6% don’t see AI having a substantial impact on cybersecurity at all. 

These numbers show that while AI helps with defense, it also creates risks that can’t be ignored. Organizations need to be ready with better strategies to stay ahead.

Malware and Data Breaches Top the List of AI-Driven Threats

AI makes cyber threats faster and smarter. We wanted to know which threats worry cybersecurity pros the most.

According to the survey, malware and data breaches are the top dangers AI introduces.

• 33% of respondents identified AI-driven malware as their biggest concern, highlighting how AI can create more evasive and sophisticated forms of ransomware.
• 30% flagged AI as a major enabler of data breaches, citing the technology’s ability to identify and exploit vulnerabilities faster than traditional methods.
• 22% raised alarms about AI’s potential to enhance phishing attacks, making them more convincing and harder to detect.
• 15% pointed to insider threats, where AI could be used to manipulate and exploit weaknesses within organizations.

This shows that AI is reshaping attack methods, making them more dangerous. Companies need proactive measures to handle these evolving risks.

Only 33% of Cybersecurity Pros Are Very Confident In Their Defense Against AI-Driven Threats

AI-powered attacks are outpacing current defenses. We asked professionals how confident they feel about their ability to respond.

Only 33% of cybersecurity professionals feel "very confident" in their organization’s ability to fend off AI-driven attacks. The majority—46%—expressed a cautious "somewhat confident" outlook, admitting there’s room for improvement. However, a concerning 17% believe their organizations are far behind and unprepared for what’s coming.

This lack of confidence underscores the need for stronger defenses and more robust strategies tailored to the evolving AI landscape.

65% of Companies Are Not Fully Prepared for AI-Driven Cyberattacks

Being ready for AI-driven threats requires solid investment and strategy. We wanted to know how prepared companies really are.

Corporate readiness for AI threats is another area where the survey revealed serious gaps. While 32% of respondents said their companies are actively investing in AI defenses, 48% acknowledge that "there’s still a lot of work to be done." This points to a significant number of organizations still playing catch-up when it comes to building comprehensive AI-driven threat defenses.

17% feel their companies are "far behind," and the need to ramp up efforts is urgent. These professionals are calling for more investment and training to prepare for the future of AI-augmented cyber threats.

This gap in readiness is a serious issue. Companies need to act fast to handle AI-driven threats.

2 in 3 Cybersecurity Professionals Feel Optimistic About AI's Impact on Jobs

AI isn’t just a looming threat—it’s also poised to reshape the cybersecurity workforce. The survey found that many professionals see AI as a tool that will enhance, not replace, jobs in the field. 

40% believe that "AI will enhance but not replace jobs," reflecting a positive outlook on the evolving role of technology in the field. Additionally, 25% see the potential for AI to create new job opportunities within cybersecurity.

However, not all respondents share this optimism. 30% expressed concerns that AI could replace many cybersecurity jobs, fueling anxieties about the future.

When asked about concerns regarding AI-driven automation leading to job cuts, 40% reported being "somewhat concerned," while 22% were "very concerned." However, 21% indicated they are "not concerned," and 17% expressed optimism that AI will bring new opportunities.

Even with worries about job loss, many see AI as a tool to support and improve their work. This positive outlook suggests that adapting to AI could lead to growth in the field.

Methodology
StrongDM surveyed 600 US-based cybersecurity workers in October 2024. The survey was completed online via Pollfish, and responses were random, voluntary, and completely anonymous.