According to a new survey from ISC2, cybersecurity teams are taking a cautious aopproach towards adopting AI, despite industry hype and pressure from business leaders.
Although AI is widely promoted as a transformative technology for security operations, only a small handful of practitioners have incorporated these tools into their daily workflows, while the rest remain hesitant due to concerns over privacy, oversight, and unintended risks.
Many CISOs remain cautious about AI adoption as they cite privacy, oversight, and the risks of moving too quickly as major concerns. A survey of over 1,000 cybersecurity proessionals found just 30% of cybersecurity teams are using AI tools in their daily operations, while 42% are still evaluating their options. Only 10% said they have no plans to adopt AI at all.
Adoption is most advanced in the industrial sector (38%), IT services (36%), and professional services (34%). Larger organistions with more than 10,000 employees are further ahead, as 37% actively use AI tools.
Smaller businesses, those with fewer than 99 staff or between 500 and 2,499 employees, demonstrate the slowest uptake – with only 20% using AI. Among the smallest organisations, 23% say they have no plans to evaluate AI security tools at all.
“The ISC2 research echoes what we’re hearing from CISOs globally. There’s real enthusiasm for the potential of AI in cybersecurity, but also a growing recognition that the risks are escalating just as fast. Our research shows that over a third (34%) of CISOs have already banned certain AI tools like DeepSeek entirely, driven by fears of privacy breaches and loss of control,” said Andy Ward, SVP International, Absolute Security. “AI offers huge promise to improve detection, speed up response times, and strengthen defences, but without robust strategies for cyber resilience and real-time visibility, organisations risk sleepwalking into deeper vulnerabilities. As attackers leverage AI to reduce the gap between vulnerability and exploitation, our defences must evolve with equal urgency. Now is the time for security leaders to ensure their people, processes, and technologies are aligned, or risk being left dangerously exposed.”
“It’s no surprise to see security professionals taking a measured, cautious approach to AI. While these tools bring undeniable efficiencies, privacy and control over sensitive data must come first. Too many AI solutions today operate in ways that risk exposing confidential information through third-party platforms or unsecured systems,” added Arkadiy Ukolov, Co-Founder and CEO, Ulla Technology. “For AI to be truly fit for purpose in cybersecurity, it must be built on privacy-first foundations, where data remains under the user’s control and is processed securely within an enclosed environment. Protecting sensitive information demands more than advanced tech alone, it requires ongoing staff awareness, training on AI use, and a robust infrastructure that doesn’t compromise security.”
Where AI has been implemented, the advantages are clear: 70% of those already using AI tools report positive impacts on overall effectiveness in areas such as network monitoring and intrusion detection (60%), endpoint protection and response (56%), vulnerability management (50%), threat modelling (45%) and security testing (43%).
AI adoption is expected to have mixed impacts on hiring. Over half of cybersecurity professionals believe AI will reduce the need for entry-level roles by automating repetitive tasks.
However, 31% expect that AI will create new opportunities for junior talent ot demand new skill sets, helping to redress some of the projected reductions in headcount. 44% said their hiring plans have not yet been affected, though the same proportion report their organisations are actively reconsidering the skills and roles required to manage AI technologies.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.
