Deep Instinct Study Finds Significant Increase in Cybersecurity Attacks Fueled by Generative AI

NEW YORK, NY, August 23, 2023 – Deep Instinct, the prevention-first cybersecurity company that stops unknown malware pre-execution with a purpose-built, AI-based deep learning (DL) framework, released the fourth edition of its Voice of SecOps Report. The research – “Generative AI and Cybersecurity: Bright Future or Business Battleground?” – was conducted by Sapio Research and surveyed over 650 senior security operations professionals in the US, including CISOs and CIOs.

The study highlights the impact of generative AI in the cybersecurity industry, analyzing the technology’s positive and negative effect on organizations’ security postures and preparedness. Unsurprisingly, 75% of security professionals witnessed an increase in attacks over the past 12 months, with an astonishing 85% attributing this rise to bad actors using generative AI.

Generative AI: Business Friend or Foe?
According to the study, 69% of respondents have already adopted generative AI tools within their organization, with the highest adoption taking place (80%) within the finance sector. Nearly three fourths (70%) of security professionals say generative AI is positively impacting employee productivity and collaboration, with 63% stating the technology has also improved employee morale.

However, senior security professionals also view generative AI as a disruptive cybersecurity threat, with nearly half (46%) of respondents believing generative AI will increase their organization’s vulnerability to attacks. The top three generative AI threat issues include growing privacy concerns (39%); undetectable phishing attacks (37%); and an increase in the volume and velocity of attacks (33%).

The technology has already been repurposed by bad actors as evidenced by WormGPT, a new generative AI tool advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise attacks.

Ransomware: As New Vulnerabilities Emerge, An Old Threat Remains a Challenge
In addition to concerns around unknown attacks fueled by generative AI, ransomware continues to plague organizations, with nearly half (46%) of respondents saying that ransomware is the greatest threat to their organization’s data security. In fact, 62% admit that ransomware is the number one C-suite concern, up from 44% in 2022.

The pressure to address the ongoing threat of ransomware is causing organizations to shift their data security approach, with almost half (47%) of respondents now possessing a policy to pay the ransom, versus 34% in 2022. This has resulted in 42% of respondents paying for the return of their data over the past year – up from 32% last year. Conversely, those who opt to pay because they have ransomware insurance has fallen from 62% in 2022 to 43% in 2023.

Mounting Security Team Stress: A Call to Change the Status Quo
Today’s cybersecurity teams are grappling with an increased workload given the adoption of new technologies like generative AI. As a result, more than half (55%) of security professionals say their stress levels have increased, with the top reason being staffing and resource limitations (42%). In fact, 51% are likely to leave their job in the next 12 months as a result of stress.

Furthermore, despite the persisting industry skills gap, job security has become a concern for some cybersecurity professionals, with 14% of respondents fearing their job will soon become irrelevant and 11% feeling unclear if their role will exist five years from now due to the rise of AI.

When diving deeper into the top stressors, false positives from antiquated cybersecurity tools are creating a massive strain on security operations teams’ time, with false positives accounting for over two working days of lost productivity per week. This has caused dissatisfaction with current security tools, with most (65%) respondents saying they deserve better from Endpoint Detection and Response (EDR) and Next-Generation Antivirus (NGAV) solutions – up from 51% in 2022.

EDR tools make it impossible to truly prevent threats. To alleviate cybersecurity team stress and strengthen security postures, prevention must take precedence over reactive protection. Nearly three out of four respondents (72%) believe preventing attacks before they occur is a priority, signaling a needed change from the industry.

“In this new era of generative AI, the only way to combat emerging AI threats is by using advanced AI – one that can prevent and predict unknown threats. Relying on antiquated tools like EDR is the equivalent of fighting a five-alarm fire with a garden hose,” said Lane Bess, CEO of Deep Instinct. “Assuming breach has been an accepted stance but the belief that EDR can get out ahead of threats is simply not true. A shift toward predictive prevention for data security is required to remain ahead of vulnerabilities, limit false positives, and alleviate security team stress.”

To download Deep Instinct’s Voice of SecOps report, please click here. To learn more about Deep Instinct’s predictive prevention capabilities, visit www.deepinstinct.com.

Survey Methodology
Sapio Research surveyed 652 senior cybersecurity experts from companies with 1,000+ employees in the USA. The interviews were conducted online in June 2023 using an email invitation and an online survey.

Respondents worked at organizations which operated in either financial services, technology, manufacturing, retail, healthcare, public sector, or critical infrastructure (such as telecoms, energy, utilities, and transportation).

C-suite is defined as those who hold chief, global, head of department, or director roles, while reports are those who hold a manager, administrator, analyst, team lead, or officer role.

Read more >
See our other articles here
© Chrysalis Investments Limited – All Rights Reserved

G10 Capital Limited is the AIFM to Chrysalis Investments Limited.
Chrysalis Investment Partners LLP is the investment adviser to G10 Capital Limited.
Chrysalis Investment Partners LLP is an appointed representative of G10 Capital Limited which is authorised and regulated by the Financial Conduct Authority.

Disclaimer - Important

THE WEBSITE YOU ARE SEEKING TO ACCESS IS MADE AVAILABLE BY CHRYSALIS INVESTMENTS LIMITED (THE “COMPANY“) IN GOOD FAITH AND IS PROVIDED FOR INFORMATION PURPOSES ONLY.

THE INFORMATION CONTAINED ON THIS WEBSITE IS INTENDED FOR PERSONS IN THE UNITED KINGDOM ONLY AND IN PARTICULAR IS NOT FOR RELEASE, PUBLICATION OR DISTRIBUTION, DIRECTLY OR INDIRECTLY, IN WHOLE OR IN PART, IN OR INTO ANY MEMBER STATE OF THE EUROPEAN ECONOMIC AREA (“EEA”), THE UNITED STATES, CANADA, AUSTRALIA, THE REPUBLIC OF SOUTH AFRICA OR JAPAN OR ANY OTHER JURISDICTION WHERE ITS RELEASE, PUBLICATION OR DISTRIBUTION IS OR MAY BE UNLAWFUL.

Please read this notice carefully – it applies to all persons who view this website. Please note that the terms set out below may be altered or updated without notice. You should read the following provisions in full each time you visit the site.

The information on this website is intended for, and may be accessed only by, persons in the United Kingdom. Viewing the materials you are seeking to access may not be lawful in other jurisdictions.

The information on this website is for information purposes only and does not constitute or form a part of any offer or invitation to sell or issue, or the solicitation of any offer to purchase or subscribe for, securities. Any subscription for securities in the Company may be made only pursuant to a prospectus issued by the Company from time to time that will provide detailed information about the Company and the securities to be offered (the “Prospectus”). Particular attention should be paid to the “Risk Factors” section of the Prospectus which will highlight specific risks relating to the Company.

No securities of the Company have been or will be registered under the US Securities Act of 1933, as amended (the “Securities Act“) or under the securities laws of any state or other jurisdiction of the United States and may not be offered, sold or delivered, directly or indirectly, in or into the United States, or to or for the account or benefit of any US person (within the meaning of Regulation S under the Securities Act). In addition, the Company has not been, and will not be, registered under the United States Investment Company Act of 1940, as amended. There will be no public offer of securities in the United States.

If you are not permitted to view this website or are in any doubt as to whether you are permitted to view this website, please exit this website immediately by clicking on the “Disagree” button below. The contents of this website must not be released or otherwise forwarded, distributed or sent, directly or indirectly, in whole or in part, outside the United Kingdom and in particular in or into any Member State of the EEA, the United States, Australia, Canada, the Republic of South Africa or Japan or any other jurisdiction where the distribution of such materials would or may breach any applicable law or regulation or would require any registration or licensing within such jurisdiction. Persons receiving any such materials (including, without limitation, custodians, nominees and trustees) should observe these restrictions and must not, directly or indirectly, in whole or in part, forward, distribute or send them in, into or from any jurisdiction outside the United Kingdom. Neither the Company, Jupiter Investment Management Limited (the “Investment Adviser”) nor their respective advisers accept any responsibility for any violation by any person of any of these restrictions.

Basis of access

Access to this website is for information purposes only. Any person seeking access to this website represents and warrants to the Company and the Investment Adviser that they are doing so for information purposes only. Making this website available does not constitute an offer to issue or sell or the solicitation of an offer to subscribe for or buy securities in the Company. Further, it does not constitute a recommendation by the Company or the Investment Manager or any associated company or any other person to subscribe for or buy securities in the Company. The information on this website is general in nature and does not in any way constitute investment, tax, legal or other advice.

None of the Company, the Investment Adviser or any other person has, or accepts, any responsibility or duty to update any information, document or announcement contained on this website and the Company reserves the right to add to, remove or amend any information available on this website at any time.

The information on this website is general in nature and may be subject to amendment and updating without notice. None of the Company, the Investment Adviser nor any other person guarantees the accuracy or completeness of any information on this website and each such person disclaims all representations and warranties, whether express or implied, to the greatest extent permitted by applicable law and regulation. By continuing to use this website, you agree to the exclusion by such persons, to the greatest extent permitted by applicable law and regulation, of any and all liability for any direct, indirect, punitive, consequential, incidental, special or other damages, including, without limitation, loss of profits, revenue or data arising out of or relating to the provision of and your use of this website and its content.
Neither the Company, its directors, the Investment Adviser nor any other person accepts any responsibility in respect of any information contained on any other website which may be linked to or from this website.

Use of Cookies

The Company uses cookies to track where you are accessing this website from. For further details of the types of cookie we use please refer to our Privacy and Cookies policy.

Confirmation of understanding and acceptance of terms

Please select your country of residence:

By clicking on the “Agree” button below, you confirm, represent and warrant to the Company and to Merian that you are located in the United Kingdom and you agree that you will not forward, distribute or send any materials contained in this website to any person outside the United Kingdom.

I have read and understood the terms set out above, which I understand may affect my rights and I agree to be bound by those terms. By clicking on the “Agree” button below, I confirm that I am permitted to access the website.