A staggering 89 percent of UK cybersecurity professionals believe that AI is more beneficial to cybercriminals than to defenders.
This finding comes from the latest State of the Security Profession report by the Chartered Institute of Information Security (CIISec). With only 54 per cent stating that AI will aid defenders more than attackers, this highlights a growing concern within the industry.
Despite of increasing AI-driven cyber threats, 44 per cent of cyber experts reported that their organisations lack adequate policies or understanding of the risks AI poses, and 85 per cent are still considering adopting it.
AI and machine learning are expected to be one of the most influential technologies in cybersecurity by 2025, with 51 per cent of respondents identifying them as critical, far outpacing technologies like zero trust, which only 7 per cent cited.
CIISec CEO Amanda Finch notes: “Whilst the AI revolution will undoubtedly benefit many business functions, it’s presenting more questions than answers for cyber security professionals. There’s a huge risk of both cyber criminals weaponising the technology and employees with a lack of risk awareness inadvertently leaving their organisation vulnerable when using it.”
Andy Ward, SVP of Absolute Security commented: "As AI-fuelled attacks grow more complex, taking proactive steps to protect sensitive data and address cyber related risks is crucial. In fact, our research suggests that over half of CISOs feel their security team are unprepared for evolving AI-powered threats."
"While AI opens up good opportunities for workforce development, prioritising cyber resilience must be a top priority, not an afterthought. A breach that exposes customer or employee data can cause lasting harm, which is why organisations need to focus on threat detection, prevention, and readiness to defend against attacks. Organisations can gain a competitive edge through AI, but they must also implement a robust cyber resilience structure to safeguard vulnerabilities. We must harness AI as a force for resilience, not just a tool for attackers.”
Beyond AI, the report reveals broader challenges in the industry, with budgets not keeping pace with the complexity of threats. Though average cybersecurity salaries have grown, over half of professional’s report difficulty sleeping due to job stress, and 80 per cent feel that budgets are flat or inadequate. Many fear this could lead to a lack of progress period, limiting the industry’s capacity to respond to evolving threats effectively.
The report also highlights diversity and recruitment concerns, with only 19 per cent of entry-level hires coming from non-degree backgrounds and just 10 per cent of the workforce being women. Skills shortages, especially in analytical and problem-solving, pose an additional barrier. Finch advocates for broadening recruitment to prioritise skills over formal qualifications, stressing that bridging this gap is crucial as the industry faces increasingly sophisticated AI-driven threats. Retaining talent through better support and career progression will also be essential for building a resilient cybersecurity workforce for the future.