Dive Brief:
- Businesses are confident that AI will improve their cybersecurity posture, even as they neglect more fundamental security tools like identity management and zero-trust networking, according to a “State of Workforce Password Security” report that the business software provider Zoho published on Tuesday.
- AI confidence also doesn’t match implementation readiness, the report found, with a massive gap between the share of companies expecting AI to help them with security and the share of companies ready to act on that potential.
- The report also contains data on the share of companies that experienced recent cyberattacks and the business world’s security spending plans.
Dive Insight:
The gap between AI eagerness and AI readiness was one of the top findings Zoho highlighted in its report. While 90% of survey respondents said AI could strengthen their cyber defenses, only 8% said they were currently ready to deploy AI-powered security tools.
“An 82-point gap between belief and deployment readiness defines the most critical inflection point in workforce security,” Zoho said.
At the same time, many businesses don’t have a handle on core cybersecurity practices. Roughly three-quarters of respondents said they lacked complete visibility into their identity ecosystem, meaning they don’t know who has access to which systems. While 36% reported partial visibility, 38% reported limited visibility and 14% said they had no visibility at all.
“This ‘identity visibility gap’ is not a peripheral concern,” Zoho warned. “It is the central vulnerability enabling unauthorised access, insider threats, and compliance failures.”
On the important metric of zero-trust networking — the design of systems to anticipate compromise and limit its impact — roughly two-thirds of businesses said they had no strategy for implementing it. Roughly half of those businesses said they planned to adopt a strategy within the next three years, which Zoho said created “a critical window of vulnerability for credential-based attacks.”
More than half of businesses said zero-trust networking was difficult because of “unmanageable” growth in their identity ecosystems, while another one-third of respondents said they lacked the right processes and tools.
The report, based on a survey of 3,300 cybersecurity professionals in nine regions and six industries worldwide, also found that one-third of businesses experienced a cyberattack in the past year, with an additional 7% “not certain whether they had been attacked.”
On the AI-for-security front, companies are most interested in the technology’s ability to detect anomalous activity and threats (68% cited this as a desired feature), automatically enforce policies (61%) and analyze employee behavior (54%). But multiple factors are holding back their AI adoption, with outdated technology, concerns about the complexity of migration and budget constraints topping the list.
