Artificial Intelligence and Cybersecurity Balancing Risks and Rewards 2025

Introduction: The scope This report is part of a series exploring the transformative role of artificial intelligence (AI) across industrial ecosystems, along with cross-industry, industry-specific and regional perspectives. It is specifically focused on how organizations can reap the benefits of AI adoption while mitigating the associated cybersecurity risks. The business benefits of adopting AI can be considerable, but the cyber risks of embedding these technologies into an organization are not always considered from the outset. By adopting AI, businesses may find themselves vulnerable to new threats that they do not yet know how to defend themselves against. The impact of AI on cybersecurity can be considered to fall into three broad categories: –The use of AI by threat actors: Threat actors are using AI to enhance their capabilities and make their tactics, techniques and procedures more potent, and attacks more effective. –The use of AI by defenders: In parallel, cyber defenders are harnessing AI to enhance cybersecurity capabilities, facilitating wider prevention, more accurate threat detection, autonomous remediation and more rapid and effective incident response. –Cybersecurity for AI: The use of AI is creating an expanded attack surface that might be exploited by threat actors. Existing methods need to be extended to address new vulnerabilities that are inherent in AI, but that may not be as relevant for “classical” IT systems. This report focuses on the third of these – namely, the need to adopt AI systems with due consideration for the emergent cyber risks. It contains guidance for business leaders and senior risk owners on managing the cyber risks associated with the implementation of AI technologies while innovating in their use of AI.Cyber risks related to AI adoption have to be considered by business leaders and senior risk owners alike. The triangle of AI impacts on cybersecurity FIGURE 1 Cybersecurity capabilities need to innovate to protect the business; consequence of attacks are tightly linked to business processesNew attack surface offers new targets and attack vectors, which will need to be defended Next-generation cyber arms race driven by threat interest and potential for collateral damageWider attack surface and cyber harms to enterprise New attack surface and propagation of risks across businesses Enhanced cyber defence tools: Better prevention and attack detection, and more effective incident responseMore potent cyberattacks: Toxicity of cyberspace increases, targeting of victims more effectiveImpacts of AI on cybersecurity Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards 6