AI-Driven Cyber Threats Are Outpacing Defense Capabilities

• 18 Dec 2025
• TM Team
• 0 Comments

A new report from  Boston Consulting Group (BCG)reveals that artificial intelligence is fundamentally reshaping the cybersecurity landscape and exposing major gaps in corporate defenses. Despite growing awareness of the risks, the pace of cyber defense adoption is failing to keep up with the speed and sophistication of AI-driven attacks.

The report, AI Is Raising the Stakes in Cybersecurity, is based on a global survey of 500 senior leaders across industries and geographies and finds that 60% of companies believe they experienced an AI-powered cyberattack in the past year. Only 7% have so far deployed AI-enabled defense tools, though 88% plan to do so.

"AI is enabling a new era of cyber threats that are faster, more deceptive, and more scalable," said Shoaib Yousuf, a BCG managing director and partner, and coauthor of the report. "But most companies are still stuck with outdated tools and underfunded strategies, leaving them highly exposed."

AI Is Accelerating Offense Faster Than Defense

The report outlines how AI is enhancing attackers' capabilities across a range of tactics, from ransomware and phishing to voice cloning and deepfake video fraud. Among the case studies:

• A $25 million fraud incident at a multinational engineering firm triggered by a deepfake video call impersonating the CFO.
• An AI-generated robocall campaign spoofing voter communications, leading to a $1 million regulatory fine.
• A ransomware attack on a healthcare provider that encrypted hospital systems and delayed surgeries.

Yet organizational response has been sluggish:

• Just 5% of companies have significantly increased cybersecurity budgets due to AI.
• 69% report difficulty hiring AI-cybersecurity talent.
• Only 25% of existing AI-enabled defense tools are considered advanced; a growing concern as agentic AI accelerates threat evolution.

Threats Will Evolve and Defenses Must Keep Pace

Executives foresee that the nature of AI-powered cyberattacks will continue to evolve rapidly, requiring a constant recalibration of defenses. They consider the most critical AI-cyber threats to their organization over the next two years as:

• AI-enabled financial fraud (43%)
• AI-powered social engineering (39%)
• Attackers using AI to accelerate vulnerability discovery (28%)
• AI-powered malware that learns and adapts to bypass defences (26%)