Artificial intelligence (AI) is rapidly reshaping cybersecurity and is the biggest driver of change in the field, according to a new World Economic Forum report: 94% of cyber leaders identify AI as a defining force and 77% of organisations already use it in their cyber operations.
The AI and Cyber: Empowering Defenders report, developed in collaboration with KPMG, highlights measurable gains in cost reduction, response speed and resilience.
While threat actors increasingly weaponise AI to automate deception, generate malware and scale attacks at machine speed, the report indicates that organizations deploying AI strategically are achieving significant advantages.
Organisations that extensively leverage AI in security reduce average breach costs by up to $1,9-million and shorten breach lifecycles by approximately 80 days.
“AI has the potential to shift the balance towards defenders,” says Akshay Joshi, head of the centre for cybersecurity at World Economic Forum.
“Organisations that treat it as a strategic capability, rather than a standalone tool, will be better placed to turn growing cyber risk into resilience and competitive advantage.”
Building on the Forum’s 2025 publication, Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards, the 2026 edition focuses on how organisations are deploying AI for defence in practice.
As enterprise attack surfaces expand to include hundreds of thousands of internet-facing assets, the scale and complexity of cyber risk are increasing significantly.
Among the examples featured, KPMG reports a 25% increase in operational efficiency in threat intelligence, Accenture cut security analysis time in more than 100 000 Internet-facing sites from 15 minutes to under one minute, and IBM’s ATOM platform helps scale global 24×7 threat detection and response, automating more than 850 analyst hours a month and cutting end-to-end investigation time by 37%.
“Attackers are moving faster and at greater scale than ever before. This report is a call to action for organizations to match that pace, with AI as a force multiplier for cyber defence,” says Laurent Gobbi, partner and global head of cyber & tech risk at KPMG.
The report emphasises that AI’s value in cybersecurity lies in augmenting human expertise, accelerating decisions and strengthening resilience, rather than automation alone. It highlights that its impact depends on clear AI deployment strategy, rigorously tested use cases before scaling, and strong governance and human oversight from the outset.
The report draws on 20 real-world case studies and insights from one-on-one interviews and workshops conducted under the World Economic Forum’s Cyber Frontiers: AI & Cyber initiative, convening 105 representatives from 84 organizations across 15 industries.
As cyber risks become more complex, the report calls on business and government leaders to treat AI as a foundational security capability, investing not only in technology but also in the skills, processes and governance required to defend at machine speed.