A day seldom passes without any exposure to the term artificial intelligence (AI). But when our survey team conceptualized this topic, we were stunned to learn that there wasn’t much publicly available information that documented end users’ perspectives on the impact of AI on organizations’ cybersecurity efforts.

So, we’re pleased to share our comprehensive findings — and help answer the critical question: What value does AI bring to cybersecurity?

The Ponemon Institute 2018 Artificial Intelligence (AI) in Cyber-Security Study, sponsored by IBM Security, includes detailed and high-level cybersecurity discoveries, as well as a comprehensive look at the impact of AI technologies on application security testing. Here are our top 10 key findings from the study.

1. AI Could Help Cut Costs

For organizations across a wide variety of industries and geographies, the estimated average cost of addressing potential cyber exploits without AI is more than $3 million. Companies who are using AI, by contrast, spent an average of $814,873 on the same threats. Thus, a company can potentially save an average of $2.5 million in operating costs by utilizing AI technology.

2. AI May Minimize Data Breaches

When asked about the estimated likelihood of a data breach affecting more than 10,000 sensitive customer or consumer records at their organizations, 40 percent of respondents estimated that the probability was greater than 20 percent if they didn’t leverage AI technologies. However, a mere 2 percent of respondents estimated that the likelihood was greater than 20 percent when AI technologies were leveraged.

3. Organizations Plan to Increase AI Investment

Organizations expect to increase their investment in AI. As AI technology matures, investments will grow, according to 61 percent of respondents.

4. AI May Improve Productivity

Sixty percent of respondents were positive about the ability of AI-based security technologies to improve the productivity of their IT security personnel.

5. AI-Based Technologies Provide Deeper Security

Sixty percent of respondents stated that AI-based technologies provided deeper security than what humans alone could offer. However, only 34 percent of respondents said that the use of AI would decrease the workload of their IT security personnel.

6. AI Supports Identification and Authentication Technologies

AI provided the most support for technologies that identified and authenticated users. Sixty-five percent of respondents stated that AI supported technologies that identified and authenticated their users, and 54 percent of respondents noted that AI was utilized with technologies that provided security intelligence about network traffic and entities.

7. Speed Is the Most Significant Benefit of AI

Sixty-nine percent of respondents stated that the most significant benefit of AI was the ability to increase their speed in analyzing threats. This was followed by 64 percent of respondents who said the most significant advantage was the acceleration in the containment of infected endpoints and devices and hosts.

8. Human Supervision Is Still Required

Human supervision is still required when dealing with alerts. Respondents estimated that an average of 45 percent of alerts could be handled by AI without human supervision. On average, 41 percent of previously “undetectable” zero-day exploits can be detected because of AI.

9. AI Helps Identify Application Security Vulnerabilities

Sixty percent of respondents stated that AI identified their application security vulnerabilities — and a firm majority (59 percent) of respondents noted that AI increased the effectiveness of their organizations’ application security activities.

10. AI Saves Investigation and Detection Time

Respondents estimated that investigating and detecting application vulnerabilities took, on average, 195.88 labor hours per week when not facilitated by AI, but took, on average, 70.48 labor hours per week when facilitated by AI — saving organizations 125.40 labor hours per week on average.

If we further estimate that security analysts work an average of 40 hours per week, that’s an estimated saving of more than three full-time equivalents (FTEs) per week.

Download the Ponemon Institute Study to Learn More

Our study is chock-full of compelling results about the impact of AI on cybersecurity. Click here to download your complimentary copy now.

Finally, check out and share our new infographic. You’ll learn how your Security Operations Center (SOC) team can leverage AI to detect and respond to potential security incidents more effectively and consistently.

More from Artificial Intelligence

How AI can be hacked with prompt injection: NIST report

3 min read - The National Institute of Standards and Technology (NIST) closely observes the AI lifecycle, and for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative AI. In Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, NIST defines various adversarial machine learning (AML) tactics and cyberattacks, like prompt injection, and advises users on how to mitigate and manage them. AML tactics extract information…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

How I got started: Cyber AI/ML engineer

3 min read - As generative AI goes mainstream, it highlights the increasing demand for AI cybersecurity professionals like Maria Pospelova. Pospelova is currently a senior data scientist, and data science team lead at OpenText Cybersecurity. She also worked at Interset, an AI cybersecurity company acquired by MicroFocus and then by OpenText. She continues as part of that team today. Did you go to college? What did you go to school for? Pospelova: I graduated with a bachelor’s degree in computer science and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today