A new report from Boston Consulting Group (BCG) reveals that artificial intelligence (AI) is fundamentally reshaping the cybersecurity landscape and exposing major gaps in corporate defences.
Despite growing awareness of the risks, the pace of cyber defence adoption is failing to keep up with the speed and sophistication of AI-driven attacks.
The report, AI Is Raising the Stakes in Cybersecurity, is based on a global survey of 500 senior leaders, including 50 in Africa, across industries and geographies and finds that almost 60% of African companies believe they experienced an AI-powered cyberattack in the past year, yet only half prioritise using AI to improve cyber defences.
Only 7% of global organisations have so far deployed AI-enabled defence tools, though 88% plan to do so.
“AI is enabling a new era of cyber threats that are faster, more deceptive, and infinitely more scalable – and African businesses are already feeling the impact,” says Hamid Maher, MD and senior partner at BCG Casablanca and head of BCG’s Tech Hub in Africa.
“More than half have faced AI‑enabled attacks in the last year, yet only 29% have advanced AI cyber‑defence capabilities.
“This gap between the speed of attackers and the tools defenders use is creating an exposure level our continent can no longer afford.”
AI is accelerating offence faster than defence
The report outlines how AI is enhancing attackers’ capabilities across a range of tactics, from ransomware and phishing to voice cloning and deepfake video fraud. Among the case studies:
- A $25-million fraud incident at a multinational engineering firm triggered by a deepfake video call impersonating the CFO.
- An AI-generated robocall campaign spoofing voter communications, leading to a $1-million regulatory fine.
- A ransomware attack on a healthcare provider that encrypted hospital systems and delayed surgeries.
Yet organisational response has been sluggish:
- Just 5% of global and 3% of African companies have significantly increased cybersecurity budgets due to AI.
- 69% of global and 82% of African companies report difficulty hiring AI-cybersecurity talent.
- Only 25% and 29% of existing AI-enabled defence tools are considered advanced by global and African organisations respectively; a growing concern as agentic AI accelerates threat evolution.
“While attackers are evolving with AI, most organisations across Africa are still relying on outdated tools and underfunded strategies,” says Hakim Hamane, MD of BCG Platinion Casablanca.
“When 82% of companies struggle to hire AI‑security talent, it’s clear that the continent’s cybersecurity posture must shift from reactive to truly future‑ready.”
Threats will evolve and defences must keep pace
Executives foresee that the nature of AI-powered cyberattacks will continue to evolve rapidly, requiring a constant recalibration of defences. They consider the most critical cyber x AI threats to their organisation over the next two years as:
- AI-enabled financial fraud (43%)
- AI-powered social engineering (39%)
- Attackers using AI to accelerate vulnerability discovery (28%)
- AI-powered malware that learns and adapts to bypass defences (26%)
The report finds high risk exposure across all industries, with healthcare and government among the most vulnerable.
Urgent need for CEO and CISO alignment
The report calls for a dual leadership model to close the defence gap. CEOs must prioritise cybersecurity and AI at the board level, while CISOs should accelerate deployment of high-impact, AI-enabled use cases.
Recommendations include:
- Set a board-backed AI-cyber mandate and fund it accordingly
- Deploy AI in defences where it changes the risk curve fastest
- Secure the AI systems the organisation is building
- Build cyber agility with multi-vendor architecture
“The era of passive cyber defence is over,” says Vanessa Lyon, global director of BCG’s Centre for Leadership in Cyber Strategy, and co-author of the report.
“Attackers are moving at machine speed. The only winning strategy is to meet autonomy with autonomy, through intelligence, leadership, and commitment.
“This is the moment when organisations decide whether they will shape the AI-cyber landscape or be shaped by it.”