BCG -人工智能帶來新的網絡風險 也有助于解決這些風險 AI Creates New Cyber Risks. It Can Help Resolve Them,Too_第1頁
BCG -人工智能帶來新的網絡風險 也有助于解決這些風險 AI Creates New Cyber Risks. It Can Help Resolve Them,Too_第2頁
BCG -人工智能帶來新的網絡風險 也有助于解決這些風險 AI Creates New Cyber Risks. It Can Help Resolve Them,Too_第3頁
BCG -人工智能帶來新的網絡風險 也有助于解決這些風險 AI Creates New Cyber Risks. It Can Help Resolve Them,Too_第4頁
BCG -人工智能帶來新的網絡風險 也有助于解決這些風險 AI Creates New Cyber Risks. It Can Help Resolve Them,Too_第5頁
已閱讀5頁,還剩11頁未讀 繼續(xù)免費閱讀

下載本文檔

版權說明:本文檔由用戶提供并上傳,收益歸屬內容提供方,若內容存在侵權,請進行舉報或認領

文檔簡介

BCG

PRINCIPALINVESTORSANDPRIVATEEQUITY

AICreatesNewCyberRisks.ItCanHelp

ResolveThem,Too

ByBradenHolstege,

ClarkO’Niell

,

ColinTroha

,

VanessaLyon

,

AlexAsen

,YixingSu,SeanMitchell,Shai-LiRon,andHelenRhee

ARTICLEJULY30,20258MINREAD

AI

hasledtoawiderangeofnewapplicationsandsolutionstotransformbusinesses,butforchiefinformationsecurityo?cers(CISOs)andtheorganizationstheyprotect,italsocreatesnew

vulnerabilities.Infact,AI-poweredattacksarenowthemainissuekeepingCISOsupatnight.Asaresult,companiesareadjustingtheircyberbudgets—andinmanycasesincorporatingAI-enabledsolutionstokeeptheirorganizations,customers,anddatasafe.

?2025BostonConsultingGroup1

?2025BostonConsultingGroup2

BCGandGLCrecentlysurveyedCISOstounderstandtheirconcernsandprioritiesinanever-changingcyberrisklandscape.(See“AbouttheSurvey.”)TheresultsshowthatAI-poweredcyberattackshaverisentobecomethetopconcern,upfrom?hplacelastyearandcitedby80%ofCISOsinthesurvey.(SeeExhibit1.)Persistentconcernslikecloudrisk,third-partysecurity,andendpointprotectioncontinuetoholdsteady.

AbouttheSurvey

Toconductthesurvey,BCG’s

CenterforLeadershipinCyberStrategy

—alongwiththe?rm’sPrincipalInvestorsandPrivateEquityandTelecommunications,Media,andTechnologypractices—recentlypartneredwithGLG,aresearch?rmthat

primarilyservesthe?nancialindustry.Thesurveydrewresponsesfrommorethan300CISOsacrossgeographicmarkets,companysizes,andindustries.Wealso

segmentedrespondentsbasedontheircybermaturitytoidentifyhowleadingorganizationssetthemselvesapart.(Thisfollowssimilaranalysesin

2024

and

2023

.)

?2025BostonConsultingGroup3

Otherkey?ndingsinclude:

.ToprepareforAI-poweredattacksandevolvingcyberthreats,CISOsexpecttocontinue

increasingspendacrosscybercategories,especiallyinthreatintelligenceandapplicationsecurity.Overall,budgetswilllikelygrowbyabout10%thisyear,inlinewiththeincreaseinpreviousyears.

.CISOsareshowingstrongerinterestinadoptingnewcyberfeaturesfromexistingvendorsinsteadofnewvendors.

Our?ndingshaveclearimplicationsforallstakeholders.CISOs,C-suites,andboardsneedto

remainvigilantagainstthegrowingrangeofcyberthreats.Cybersecurityvendorsneedto

continuallyre?neandupdatetheiro?erings.Andinvestorsneedtoensurethatthecybersecuritycompaniesintheirportfoliocontinuetodevelopproductfeaturesandcapabilitiestoaddressthechangingcyberthreatlandscape.

TheRapidRiseofAI-EnabledThreats

Inourresultsfor2025,AI-poweredattackshavebecomethetopCISOconcern,withasharp19-

pointincreaseoverlastyear.Thatre?ectstherapidevolutionofAIoverall,creatingmorecomplexandunpredictablerisksthatmanycompaniesarestillstrugglingtounderstand.

Within

GenAI,

thebiggestconcernamongCISOsarethreatsthatexploitsocialengineering,citedby62%ofrespondentsasamajorconcernorcriticalthreat.Organizationshaveseenasurgein

automated,Gen-AIpoweredattacks,whichareincreasinglyeasyforattackerstoexecuteandcanbeextremelye?ectiveatdeceivingemployees,partners,orcustomers.Asonerespondentputit,

“We’veseenpersonalizedattacks,atspeedandatscale,targetingbothemployeesandcustomers.WeknowtheonlywaythiscanbedoneiswithGenAItools.”

CISOsarealsohighlyconcernedaboutAI-enabledfraudschemes,leakageofsensitivedataduringtheuseofGenAItools,andAI-assistedexploitationofknownvulnerabilities—allcitedbymore

thanhalftheCISOsinoursurvey.(SeeExhibit2.)

?2025BostonConsultingGroup4

CompaniesaretakingactiontomeettheAIthreat,butsomearestrugglingtokeeppace.

Speci?cally,CISOspointtoincreasinginvestmentsincyberawarenesstrainingandthreatintelligenceasthetoptwomeasuresagainstGenAIthreats.

BolsteringexistingcybertoolswithnewGenAIcapabilitiesisalsoatoppriority.MostorganizationsplantoadoptGenAI-drivencyberfeaturesfromexistingvendors(insteadofstartups),withhalf

expectingtoincreasetheirbudgettoadoptGenAI-cyberfeaturesandtheotherhalfexpectingtoadoptGenAIfeatureswithinthecurrentbudget.

Ontheotherhand,eventhemostcyber-matureorganizationsinoursamplearelaggingon

protectingtheirGenAIbusinesssystemsfromattack,withonly30%havingimplementedorpilotedcybersolutionsspeci?callytoprotectGenAI-relatedsystems.

ContinuedChangesinProductandVendorPriorities

Lookingatshisinproductsandvendors,threatintelligenceandapplicationsecurityproductshavebecomeincreasinglyubiqitousoverthepasttwoyears.Inbothcategories,citedadoptionrateshaverisenfromarangeof50%to60%in2023tonearly80%in2025.

?2025BostonConsultingGroup5

Areaslikezero-trustnetworkaccess,datasecurity,identityandaccessmanagement,andthreatintelligenceallshowprojectedspendincreasesof10%ormore.Regardingthreatintelligence,forexample,asorganizationsfacecontinueduncertaintyfromunknownthreats(especiallyfrom

GenAI),theyarelookingtogetasmuchintelaspossibleonwhatmightbecomingtheirwayandhowtoproactivelydefendthemselves.

Incontrast,CISOsexpecttospendlessonbaselineservicessuchasgovernance,risk,and

compliance,mobilethreatdefense,andbackupandrecovery—manyofwhicharebundledintobroadero?erings.(SeeExhibit3.)

Similarly,theconsolidationamongvendorsnotedinpreviousyearscontinuesthisyear.Acrossmostcyberproductcategories,farmoreCISOsexpecttoconsolidatethanexpandvendors.

Comparedtothesurveyresultslastyear,applicationsecurity,datasecurity,anduni?edendpoint

managementarethethreeproductcategorieswhereCISOsexpressedsigni?cantlyhigherinterestinconsolidation,potentiallydrivenbyvendors’platformstrategy.(SeeExhibit4.)

?2025BostonConsultingGroup6

Spendprioritiesareoneareawherethecybermaturitygapisnoteworthy.Advancedorganizationsinoursampletendtobemoreforward-lookinginhowtheyidentifyrisksandprioritizeinvestments.Speci?cally,theyarefocusedonriskssuchasAIthreatsandevolvingprivacydemands,alignedwithpotentialfuturethreatsandtheevolvingregulatorylandscape.Incontrast,less-mature

organizationslagonfoundationalinfrastructuresecurityandundervalueareassuchasmulti-cloudanddatacentermigration.(SeeExhibit5.)

?2025BostonConsultingGroup7

GrowingCyberBudgets

Inarecent

BCGsurveyofITbuyers,

aboutone-fourth(28%)expectanoveralldecreaseinIT

budgets,primarilyduetotari?-relatedcostpressures.YetCISOsseecyberbudgetsasrelativelyinsulatedfromreduction.CISOsexpectcyberspendtoincreaseby9%inthenext12months,

slightlylowerthanCISOs’expectationslastyear(11%).(SeeExhibit6.)What’smore,nearly80%expect

tari?s

tohavenochangeoronlyaslightshiincybersecuritybudgets.

?2025BostonConsultingGroup8

ThereareseveralpotentialexplanationsforwhyCISOsexpectcyberbudgetstoholdup.Oneis

thatcutscouldstillbecomingbutCISOssimplydon’tknowaboutthemyet.Anotheristhat

companiesaretakinga“waitandsee”approachtocostreductionsoverall,especiallygiventhe

uncertaintyaroundtari?sinthe?rsthalfof2025.Yetanotheristhatcompaniesseethecritical

valueofcybersecurityandarecontinuingtoincreasetheirinvestmentasthethreatenvironmentescalates.

TheBottomLineforStakeholders

Our?ndingshaveclearimplicationsforallstakeholdersin

cybersecurity

,fromC-suitesandCISOstovendorsandinvestors.

PrioritiesforCISOs,C-Suites,andBoards.Organizations,fromtheboardtotheCISO,should

increasinglyfocusoncybersecurityoutcomes.Giventheevolvinglandscapeofcyberthreats,

companiescannota?ordtorelax.ThatisparticularlytrueforAI-empoweredattacks,which

increasinglyrelyonsocialengineeringandfraudandareextremelycheaptoproduceconvincinglyandatmassivevolume.Althoughcostisafactorinassessingvendors,CISOsshouldfocusmoreoncybersecurityreturnoninvestment(ROI)thanpricealone—andremainabreastofconsolidationandotherdevelopmentsinthevendorlandscape.

PrioritiesforCybersecurityVendors.Forcybersecurityvendors,our?ndingsunderscorethe

importanceofcontinuallyrevisingandupgradingtheirproductcapabilities,especiallyregarding

GenAI-drivenfeatures.Whiletherearestillnichesforpointsolutionstosucceed,enterprise

customersshowaclearpreferenceforvendorconsolidationandacquiringnewcapabilitiesthroughadd-onmodulesandbundleso?eredthroughcurrentproviders.Accordingly,vendorsshouldaimto

?2025BostonConsultingGroup9

growthroughupsellingandcross-sellingtoexistingcustomersorattractingnewcustomersonthestrengthoftheiroverallplatform.

Inaddition,cybervendorsshouldcontinuetoemphasizethereliabilityandresilienceoftheir

solutions,bothwithintheirR&Dandproductdevelopmentlifecycleandasadi?erentiatingfeatureintheirgo-to-marketstrategy.

PrioritiesforInvestors.Forprivateequity?rmsthatcurrentlybackcybersecurityproviders—orseekto—ourdatashowsthefundamentalresilienceofthesector.Economicandgeopolitical

uncertaintyispushingcompaniestoscalebackITinvestments,butcybersecurityremainsa

budgetarypriority.Thatsaid,investorsneedtomakesurethecybercompaniesintheirportfoliocontinuetodelivervalue—throughfactorssuchastheoverallbreadthoffeatures,AI-related

innovation,andabedrockabilitytoprotectcompaniesfromevolvingcyberthreats—ratherthantryingtocompeteoncosts.InvestorsalsoneedtoworkwiththeirportfoliocompaniesonhowtobuildamarketingmessagearoundROItocustomers,todriveadoption.

Thegrowingscopeandcapabilitiesofbadactorsmeanthatallstakeholders—CISOs,boards,

vendors,andinvestors—cannotrest.AI,includingGenAI,isfuelinganeweraofcyberthreats,butotherdevelopmentsanddisruptionsarecoming.Our?ndingsshowthedegreetowhich

cybersecurityvendorsaremeetingthesechallenges—andthestepsthatCISOsaretakingtokeeptheircompaniesandcustomerssafe.

?2025BostonConsultingGroup10

Authors

?2025BostonConsultingGroup

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網頁內容里面會有圖紙預覽,若沒有圖紙預覽就沒有圖紙。
  • 4. 未經權益所有人同意不得將文件中的內容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網僅提供信息存儲空間,僅對用戶上傳內容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內容本身不做任何修改或編輯,并不能對任何下載內容負責。
  • 6. 下載文件中如有侵權或不適當內容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論