Can artificial intelligence revolutionize IT security?

The rapid rise of digitization is changing the way businesses operate, offering immense opportunities but also significant challenges.

Active equities 16 Nov 2023 10 min read

Dr. Patrick Kolb

Senior portfolio manager, Thematic Equities

Key takeaways

Cyberattacks are becoming not only more and more frequent but also increasingly sophisticated, posing a serious threat to companies and individuals.
The ever-increasing number of IT security alerts puts a strain on professionals responsible for early detection and quick response to IT security risks.
The use of AI, particularly in areas such as security analytics, app security, vulnerability management, and data protection, has the potential to become a key milestone in ensuring IT security.

The digitization of our society is a megatrend that we believe is only going to accelerate in the next few years, leaving businesses and individuals susceptible to cyberattacks. The so-called “attack surface”¹, which is the number of possible points where an unauthorized user can access a system and extract data, has broadened, mainly due to increased connectivity, 5G, and the Internet of Things (IoT) in our view. In addition, working from home or, in fact, from anywhere, is becoming a natural part of our daily life, giving hackers more opportunities to exploit vulnerabilities. Cybercriminals are using more and more sophisticated methods, such as social engineering or supply chain attacks, to infiltrate networks.

What are the main IT security challenges today?

With the attack surface expanding, it is becoming more challenging for organizations to block potential threats quickly. IT security teams must focus on precise and rapid detection of cyberthreats, while also improving their response capabilities. The following factors are challenging IT organizations:²

Overburdened IT security analysts are forced to triage a flood of security alerts. According to a survey, nearly half of the analysts reported a false-positive rate of 50% or higher.
56% of large organizations deal with 1,000 or more security alerts daily.³ That puts IT security analysts in a difficult position because they can typically review only around ten security alerts per day.

Not surprisingly, IT security teams are at risk of getting fatigued and understaffed, which further adds to staff turnover. In addition, the amount of time needed to resolve cyberattacks is rising: according to a survey conducted among more than 1,000 team members of security operations centers worldwide, 46% said the average time needed to detect and respond to a security incident has increased over the past two years and more than 80% said that manual investigation of threats slows down their overall threat response times.⁴

The situation is further exacerbated by the fact that cyberattacks have significantly intensified over the past few years, with attacks becoming more frequent and sophisticated.

Cyberattacks are on the rise

Increasing volumes of cyber incidents are continuing to threaten businesses.

The average duration of downtime after a ransomware attack between Q1 2020 and Q2 2022 increased by 60% from 15 days to 24 days.⁵
In 2022, 83% of organizations had multiple data breaches and ransomware attacks increased by 13%, which is a rise equal to the last five years combined.⁶
Data from Checkpoint Research shows a 7% global increase in weekly cyberattacks during Q1 2023. During this time, 310 cyber incidents were publicly disclosed.⁷
Over one billion malware programs are circulating with an estimated 560,000 new instances discovered daily. Every minute four businesses get attacked by ransomware.⁸
Cyber incidents can cause publicly listed companies to lose an average of 7.5% of their stock price and it takes 46 days to recover if they are able to do so at all.⁹

What is the cost of a data breach?

According to IBM, the average global cost of data breach reached USD 4.45 million in 2023, which represents a 2.3% increase from the 2022 average cost of USD 4.35 million. It can include everything from ransom payments and lost revenues to business downtime, remediation, legal and audit fees.¹⁰ Since 2020 (when the average total cost of a data breach was USD 3.86 million), this number has increased by 15.3%. The United States topped the ranking of regions with the highest data breach costs for the 13th consecutive year, with the cost totaling USD 9.48 million, more than double the global average, followed by the Middle East and Canada (chart 1).

Chart 1: Cost of an average data breach by country or region, in million USD

A graph depicting the cost of an average data breach by country and region in million USD

ASEAN is a cluster sample of companies located in Singapore, Indonesia, the Phillippines, Malaysia, Vietnam and Thailand.

Source: IBM (2023): Cost of a Data Breach Report 2023, p. 12.

A graph depicting the cost of an average data breach by country and region in million USD.

Chart 2: Cost of an average data breach by sector, in million USD

A graph depicting the cost of an average data breach by sector in million USD.

When looking across industry sectors, the healthcare segment reported the highest costs of a data breach, followed by the financial and the pharmaceutical industry. Over the past three years, the average cost of a data breach in healthcare has grown by 53.3%. According to the authors, the main reasons are that healthcare faces higher levels of industry regulation and is considered a critical infrastructure by the US government. The healthcare industry has seen notably higher average data breach costs (chart 2)¹¹, particularly since the start of the COVID-19 pandemic.

AI to ease the workload of cybersecurity teams

We believe that the use of AI has the potential to become a critical solution in IT security by helping to detect cyberthreats and increase response time, thus acting as an “assistant” to IT security analysts. According to Acumen Research & Consulting, the market size for AI in the cybersecurity market accounted for USD 14.9 billion in 2021 and is estimated to reach a market value of USD 133.8 billion in 2030, which represents a compound annual growth rate (CAGR) of 27.8%. This trend is powered by the surging use of social media for business operations, growing government investments in AI adoption as well as technological advancements in security systems to combat the increasingly sophisticated cyberattacks.¹²

The idea behind AI in IT security is to use AI-enabled software to augment human expertise in rapidly identifying new types of malware traffic or hacking attempts. Because of recent advances in computing power, AI in IT security is now becoming a reality with comparatively small datasets. AI solutions can ease the workload of cybersecurity teams and effectively remove false positives by quickly drawing correlations and insights from vast datasets across assets. It can further automate low value tasks and allow IT security teams to focus on higher priority threats.

According to the IBM Institute for Business Value, AI is already reducing the costs of cybersecurity responses.¹³

The companies at the forefront of adopting AI have reported a 15% reduction in overall cybersecurity costs.
The average expense of data breaches can be reduced by over USD 3 million.
AI has the potential to improve the incident response time. Historically, it took an average of 230 days to detect, respond to, and recover from a cyberattack. With AI implementation, it can cut that time by up to 99 days.

Historically, cybersecurity was designed to look at a specific domain and resolve threats under a particular scenario. However, the increasing sophistication of cyberattacks demands unified solutions. While AI use is not new to security in cases such as anomaly detection, we think generative AI (GAI) is a step-function improvement, given its ability to generate recommendations and automate manual, ad hoc tasks previously performed by IT security professionals. It enables aggregating and correlating data across many isolated products that comprise an organization's security stack. IT security teams are then able to strengthen their defense by identifying patterns and connections that humans find difficult to detect across business verticals and locations.

A recent report published by the Cloud Security Alliance (CSA) finds that GAI models substantially improve vulnerability scanning: the OpenAI’s Codex platform, which is based on ChatGPT, was able to detect and scan vulnerabilities in software code written in various programming languages. According to CSA, this technology might become an integral component in IT security responses. Interestingly, the report remarks that GAI is able to detect and watermark AI-generated text. This could improve the detection of phishing emails and become part of email protection software. Such technology could check for unusual email sender addresses, domains, or links to malicious websites.¹⁴

Accelerating the cybersecurity arms race

Attacks on IT security are becoming more systemic and more severe. Although short-term impacts of a cyberattack on a business can be quite severe, the long-term structural impact can be even more dramatic for an organization, including even the potential loss of competitive advantage. While the broad use of AI is not new in the field of IT security, we think generative AI specifically can offer a step-function improvement, given its ability to quickly generate content and recommendations. This offers real benefits for applications such as security analytics, app security, vulnerability management, and data protection.

In our view, the IT security theme is becoming omnipresent in our daily lives and the implications for the integration of AI are becoming more critical. Leading IT security companies are making great strides in integrating AI solutions into their products. We believe that both the good and the bad actors will surely use GAI in the cybersecurity arms race, forcing businesses and governments to upgrade their IT security infrastructure.

¹ Examples of attack surfaces are workstation and laptops, network file servers, mobile devices, multi-function printers, to name a few.
² Critical Start (2021): The Impact of Security Alert Overload, 2021/02, p. 6, https://www.criticalstart.com/wp-content/uploads/2021/02/CS_Report-The-Impact-of-Security-Alert-Overload.pdf, retrieved on 22.09.2023.
³ Swimlane (2022): The Top SOC Analyst Challenges, 18.11.2022, https://swimlane.com/blog/top-soc-analyst-challenges/, retrieved on 22.09.2023.
⁴ Morning Consult (2023): Global Security Operations Center Study Results, March 2023, p. 3, accessed on 19.09.2023.
⁵ Statista (2023): Average duration of downtime after a ransomware attack at organizations worldwide from 1st quarter 2020 to 2nd quarter 2022, https://www.statista.com/statistics/1275029/length-of-downtime-after-ransomware-attack-global/#statisticContainer, retrieved on 19.09.2023.
⁶ Huang et al (2023): The Devastating Business Impacts of a Cyber Breach, Harvard Business Review, May 2023, https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach, retrieved on 19.09.2023.
⁷ Checkpoint Research (2023): Global Cyberattacks Continue to Rise with Africa and APAC Suffering Most, 27 April 2023, https://blog.checkpoint.com/research/global-cyberattacks-continue-to-rise/#:~:text=Global%20weekly%20attacks%20rose%20by,increase%20compared%20to%20Q1%202022, retrieved on 20.09.2023.
⁸ DataProd (2023): A Not-So-Common Cold: Malware Statistics in 2023, 14.07.2023, https://dataprot.net/statistics/malware-statistics/, retrieved on 20 September 2023.
⁹ Infosecurity Magazine (2019): Companies' Stock Value Dropped 7.5% after Data Breaches, 15.05.2019, https://www.infosecurity-magazine.com/news/companies-stock-value-dropped-1/, retrieved on 19.09.2023.
¹⁰ IBM (2023): Cost of a data breach report 2023, IBM, p. 5, https://www.ibm.com/downloads/cas/E3G5JMBP, retrieved on 19.09.2023. The audit fees for companies following data breaches can be around 13.5% higher than those for firms without breaches (Yen et al. (2018): The impact of audit firms’ characteristics on audit fees following information security breaches, Journal of Accounting and Public Policy, p. 2, https://fardapaper.ir/mohavaha/uploads/2019/01/Fardapaper-The-impact-of-audit-firms%E2%80%99-characteristics-on-audit-fees-following-information-security-breaches.pdf, retrieved on 19.09.2023.
¹¹ IBM (2023): Cost of a data breach report 2023, IBM, p. 13, https://www.ibm.com/downloads/cas/E3G5JMBP, retrieved on 19.09.2023.
¹² Acumen Research & Consulting (2022): Artificial Intelligence in Cybersecurity Market Analysis - Global Industry Size, Share, Trends and Forecast 2022 – 2030, July 2022, https://www.acumenresearchandconsulting.com/artificial-intelligence-in-cybersecurity-market, retrieved on 22.09.2023.
¹³ IBM Institute for Business Value (2023): The power of AI: Security, 2023, https://www.ibm.com/downloads/cas/BYLG6LWR, retrieved on 20.09.2023.
¹⁴ Cloud Security Alliance (2023): Security Implications of ChatGPT, 2023, p. 27ff, https://cloudsecurityalliance.org/artifacts/security-implications-of-chatgpt/, retrieved on 22.09.2023

About the author

Dr. Patrick Kolb
Senior portfolio manager, Thematic Equities
Patrick Kolb (PhD), Managing Director, has been a Senior Portfolio Manager for the Security Equity strategy since 2007. In 2005, he joined Credit Suisse Asset Management, now part of UBS Group, where he initially focused on the industrials and technology sectors. Patrick graduated from the University of Zurich with a major in Finance and then worked as a research assistant at the Institute of Banking and Finance at the University of Zurich before earning his PhD in Financial Economics.