BOSTON, Dec. 18, 2025 /PRNewswire/ — A new report from the Boston Consulting Group (BCG) underscores the urgent implications of artificial intelligence (AI) in cybersecurity, revealing that 60% of surveyed companies may have encountered AI-enabled cyberattacks in the past year. Despite this growing menace, only 7% have implemented AI-based defense mechanisms, while 88% express plans to do so, highlighting a significant gap between awareness and action.
The report, titled AI Is Raising the Stakes in Cybersecurity, is based on a global survey of 500 senior executives from diverse sectors. It illustrates that while AI is enhancing attackers’ capabilities—making cyber threats swifter, more deceptive, and scalable—the response from organizations has been notably sluggish. “AI is enabling a new era of cyber threats that are faster, more deceptive, and more scalable,” stated Shoaib Yousuf, a managing director and partner at BCG, who coauthored the report. “But most companies are still stuck with outdated tools and underfunded strategies, leaving them highly exposed.”
The report outlines alarming case studies that showcase the breadth of AI’s application in cybercrime. For instance, a multinational engineering firm suffered a $25 million fraud incident due to a deepfake video call impersonating its CFO. Similarly, an AI-generated robocall campaign spoofed voter communications, resulting in a $1 million regulatory fine. A ransomware attack on a healthcare provider even led to system encryptions, delaying surgeries.
Despite recognizing the risks, the organizational response has not matched the advancing threats. Only 5% of companies have notably increased their cybersecurity budgets in reaction to AI-related attacks, while 69% report challenges in hiring talent skilled in AI cybersecurity. Among the existing AI-enabled defense tools, only 25% are deemed advanced, raising concerns about the ability to keep pace with emerging threats.
Executives foresee a rapid evolution in the nature of AI-powered cyberattacks, viewing AI-enabled financial fraud (43%), AI-powered social engineering (39%), and attackers using AI to accelerate vulnerability discovery (28%) as the most significant risks over the next two years. The report indicates that healthcare and government sectors are particularly vulnerable, facing high levels of risk exposure.
In light of these findings, BCG emphasizes the need for a dual leadership approach to effectively close the cybersecurity gap. CEOs are urged to prioritize cybersecurity and AI initiatives at the board level, while Chief Information Security Officers (CISOs) should hasten the deployment of high-impact AI-enabled use cases. Key recommendations include establishing a board-backed AI-cyber mandate and ensuring allocation of adequate resources to enhance defenses.
“The era of passive cyber defense is over,” remarked Vanessa Lyon, global director of BCG’s Center for Leadership in Cyber Strategy and coauthor of the report. “Attackers are moving at machine speed. The only winning strategy is to meet autonomy with autonomy, through intelligence, leadership, and commitment. This is the moment when organizations decide whether they will shape the AI-cyber landscape or be shaped by it.”
As digital transformation continues to accelerate, the BCG report serves as a clarion call for businesses to evolve their cybersecurity postures in tandem with technological advancements. The landscape is shifting, and organizations that fail to adapt may find themselves at a disadvantage, underscoring the strategic importance of cybersecurity as an integral part of business strategy.
For further insights, the full publication is available for download here.
See also
60% of Firms Report AI-Enabled Cyberattacks; Only 7% Use AI Defense Tools, BCG Finds
Experts Warn AI, Quantum Tech Accelerate Cyber Threats at House Hearing
General Dynamics Secures $285M Contract for Virginia Cybersecurity Services
Chinese Hackers Use AI to Automate Attacks, Target 30+ Entities, Warns Anthropic
Gopher Security Unveils AI-Driven Anomaly Detection for Post-Quantum Systems
