Generative AI (GenAI) is quickly becoming a key player in cybersecurity, but not always in the way businesses hope. While it’s helping companies defend against cyberattacks, it’s also being turned against them. A new report from Splunk reveals that hackers use AI to make their attacks smarter, more frequent, and harder to detect. The technology meant to protect us also gives criminals new ways to bypass defenses, and it’s a growing concern for security teams everywhere.
The rise of GenAI in defense and attack is causing a significant shift in the cyber landscape. More than half of security experts (52 percent) say they’re using AI to tackle cyber threats, but it’s clear that the technology is being exploited on both sides. The gap between how board members and CISOs (Chief Information Security Officers) view the situation is widening, with only one-third of board members recognizing the full potential of GenAI. As cyberattacks grow in scale and complexity, security leaders are racing to keep up, battling budget limitations and the ongoing skills shortage.
A disconnect in cybersecurity priorities
One of the report’s most striking findings is the disconnect between the perspectives of CISOs and board members. While over half of security experts prioritize using GenAI and other emerging technologies to combat cyber threats, only a third of board members share the same urgency.
This disconnect isn’t just about opinion—it’s also impacting cybersecurity budgets. Just 29 percent of CISOs feel they’re given enough financial support to protect their companies, while 41 percent of board members believe the budget is sufficient. This mismatch is seen as a significant risk factor, with 64 percent of CISOs linking a lack of resources to the rise in cyberattacks.
GenAI, a double-edged sword for cybersecurity
While GenAI enhances security measures, it also empowers hackers. The report highlights how cybercriminals use AI to refine existing attacks, increase their frequency, and even invent new types of threats.
This ability to evolve and adapt has made AI-powered attacks one of the top concerns for CISOs. Thirty-six percent of security professionals say that AI-driven attacks are their biggest worry. The speed and sophistication of these threats make traditional defenses seem less effective, pushing businesses to rethink how they protect themselves.
Education and awareness are key.
Despite the advancements in AI and technology, human awareness still plays a huge role in defending against cyberattacks. Greg Clark from OpenText Cybersecurity pointed out that employees are the first line of defense against phishing and insider attacks. Training employees to recognize these risks is crucial as cybercriminals grow more sophisticated. Additionally, 91 percent of security experts are increasing training for legal and compliance teams, ensuring everyone understands the risks and can help mitigate them.
Practical cybersecurity tips for small businesses
Smaller businesses or those just starting to prioritize cybersecurity can benefit greatly from simple steps. The most important thing is to ensure strong passwords and multi-factor authentication (MFA) are in place—80 percent of data breaches occur because of poor password management. Ensure your team understands the importance of strong, unique passwords, and consider using password managers to keep them secure. Regular employee training is also essential to help everyone spot potential threats before they cause damage. And lastly, don’t forget to assess the security of third-party vendors. A weak link in your supply chain can expose you to risks, as seen in high-profile attacks involving third-party vulnerabilities.
Staying one step ahead is crucial as cyberattacks continue to evolve. Big and small businesses need to prioritize technology and human awareness to avoid becoming the next target.