AlixPartners for youNewsroomOur firmContactAlumniAccessibility tools
What we doOur peopleCareersInsights

Artificial intelligence (AI) is a double-edged sword in cybersecurity. While it may pose a threat to organizations if left uncontrolled, it also offers powerful defensive tools to ward off cyber attacks.

Last year, we explored the cybersecurity threats posed by AI in our article “Top cybersecurity risks to consider in a world rapidly embracing AI,” highlighting the risks associated with this emerging technology. This year, we look at the other side of the discussion: how AI can enhance defenses in cybersecurity products and software. 

The debate over whether defenders can successfully counter attackers remains narrowly divided. A recent survey among global business and cyber leaders (Figure 1) found that 56% of respondents expect generative AI to provide an overall advantage to attackers in the next two years, while 44% anticipate the balance between attackers and defenders to remain equal or lean in favor of defenders. 

How do cybersecurity companies currently utilize AI? 

Despite the debate around AI’s net impact on security, it is clear that cutting-edge cybersecurity tools powered by AI are making defense significantly smarter, and cybersecurity has been an adopter of AI even in its earliest forms. The new and complex risks that AI has introduced also create an opportunity for cybersecurity companies to provide solutions and services to defend against potential attacks. 

A comprehensive analysis of fifteen major U.S.-based, publicly traded cybersecurity companies (with annual revenues exceeding $500 million) reveals a unanimous embrace of AI. All these companies have developed and launched AI-driven solutions applying artificial narrow intelligence (ANI) and artificial general intelligence (AGI) technologies, which differentiate as follows: 

Artificial narrow intelligence: 

Most cybersecurity companies have developed a form of ANI, which performs a narrow set of tasks within specific, defined contexts (e.g., data, vulnerability, etc.). Use cases of ANI include:  

  1. Data and insights: ANI applications can transform network and communication data into actionable insights to boost business outcomes. They can also automate security policy enforcement to reduce manual efforts. 
  2. Vulnerability and risk management: Through ANI, companies can more effectively ingest vulnerability and risk data, prioritize security vulnerabilities based on risk, provide analysis, and highlight critical issues that need immediate attention. 
  3. Identity and access management: ANI provides real-time identity verification and management on context. It can access review support and anomaly detection, ensuring secure access to systems and applications. 
  4. AI assistant and automation: ANI allows users to ask plain-language questions, enhancing user interactions and making security operations more efficient. 
  5. Threat detection and response: ANI helps companies to identify, analyze, and respond to cybersecurity threats with greater accuracy, reducing false positives and streamlining security operations. 

Artificial general intelligence: 

AGI is the next level of AI utilization for cybersecurity. It has cognitive, human-like capabilities that can be implemented across multiple domains (e.g., monitoring and response). Use cases of AGI include: 

  1. Automated response: Security teams typically operate across multiple platforms to handle response tickets. AI can function as a security operations engineer, handling “Tier 2” tasks around event monitoring and light remediation efforts. 
  2. Threat hunting: Based on the information AI understands about an environment, it can proactively scour the Dark Web and search for and report on emerging threats. 
  3. Governance, risk, and compliance audits: AI may serve as an intermediary between cybersecurity teams and processes. It can perform configuration validations, map controls against defined frameworks, and make recommendations based on gaps in the environment. 

The arms race between attackers and defenders is driving significant R&D investment 

In our experience, cybersecurity companies are allocating significantly more to R&D investment than their software counterparts, reflecting the dynamic and ever-evolving threat landscape. As shown in Figure 3, cybersecurity companies continue to invest 22% of their revenue in R&D compared to the broader software industry average of 19%. We believe this investment is crucial to maintaining a competitive edge in terms of AI capabilities.  

 

Figure 4 highlights the diverse levels of R&D spending and revenue growth within top cybersecurity players. The data suggests a correlation between the two, driven by each company's unique product offerings and varying stages of growth.

Keys to success for cybersecurity AI investments 

Cybersecurity companies must adopt a comprehensive approach to AI adoption that considers product development, go-to-market strategies, and operations. To accelerate AI deployment and drive business growth, investors and industry players should prioritize the following areas: 

  • Targeted R&D investment: Given the intense competition for market share, cybersecurity companies should focus their AI-driven technology investments in areas where they can differentiate themselves and have a greater chance of commercial success. For example, AI investments in network and endpoint security are a better choice than cloud security, which is well covered by hyperscalers.  
  • Talent strategy for specialized AI roles: To address the cybersecurity and AI talent shortage, cybersecurity companies need a clear talent acquisition strategy for both R&D and sales and marketing roles. Specifically, industry players need to develop sales specialists and solution engineers that specialize in AI technologies and can effectively communicate the technical and strategic benefits of AI solutions. 
  • Redesigned sales and customer success motions around AI value proposition: Instead of pushing AI-based solutions to all customers, cybersecurity players need to adopt a targeted and consultative selling approach focused on high-value prospects. Clearly articulating the unique AI features of their products and demonstrating how they integrate with existing security infrastructure is essential. 

In the face of advancing artificial intelligence capabilities, the cybersecurity industry is poised for continued rapid growth. Proactive organizations can capitalize on this opportunity by implementing a multifaceted approach that incorporates deliberate R&D investments, people-centric measures, and a strategically aligned go-to-market strategy and sales motion. 

Authors