E63 - 90% of Organizations Can't Counter AI-Enabled Threats

By FIR Risk Advisory | Cybersecurity Fraud Intelligence

Weekly Risk Intelligence Brief  

Source: Accenture — State of Cybersecurity Resilience 2025 (2,286 executives across 17 countries and 24 industries)

The 30-Second Brief  

Accenture surveyed 2,286 security and technology executives across 17 countries. The headline: 90% of organizations lack the maturity to counter AI-enabled threats. Only 10% reach what Accenture calls the “Reinvention-Ready Zone.” The other 63% sit in the “Exposed Zone” — vulnerable to attacks that are growing 75% year-over-year.

The gap between those who’ve embedded security into their AI transformation and those who haven’t is no longer theoretical. It’s measurable: 69% fewer advanced AI attacks, 1.6x higher ROI, and 14% faster detection.

The Maturity Gap  

Only 10% Are Ready — 63% Are Exposed  

Accenture’s maturity model divides organizations into two zones:

• Reinvention-Ready (10%): Security embedded into AI transformation from inception
• Exposed Zone (63%): Reactive, siloed, and vulnerable to AI-powered attacks

The Reinvention-Ready organizations aren’t just better defended — they’re fundamentally different:

• 69% less likely to suffer advanced AI-powered cyberattacks
• 1.6x higher ROI on AI investments
• 1.7x reduction in technical debt
• 1.6x stronger customer trust
• 14% faster threat detection from just 10% more strategic investment

INTEL [TREND]: Only 10% of organizations have the maturity to counter AI-enabled threats. The 63% in the Exposed Zone face 69% higher likelihood of advanced AI attacks. The gap isn’t closing — it’s widening as AI adoption accelerates faster than security maturity.

The Numbers Behind the Gap  

The specifics are alarming:

• 90% lack maturity to counter AI-enabled threats
• 77% deficient in foundational data and AI security practices
• 84% struggle aligning cyber risk with transformation goals
• 92% lack essential resilience-building efforts
• 83% haven’t established secure cloud foundations
• 88% face difficulties implementing Zero Trust
• Only 25% fully leverage encryption and access controls

INTEL [VULNERABILITY]: 77% of organizations are deficient in foundational AI security practices and 88% struggle with Zero Trust implementation. These aren’t advanced capabilities — they’re baseline. Organizations should audit their AI security posture against Accenture’s maturity framework and close foundational gaps before pursuing advanced defenses.

The Threat Acceleration  

75% Surge in Cyberattacks  

Cyberattacks increased 75% year-over-year in Q3 2024, averaging 1,876 attacks per organization. 72% of executives report increased cyber threats. Attackers are leveraging generative AI to bypass legacy defenses at scale.

Key threat vectors: ransomware, cyber-enabled fraud, supply chain attacks, malicious insiders, and disinformation — all amplified by AI.

INTEL [ATTACK TECHNIQUE]: Cyberattacks surged 75% YoY to 1,876 per organization in Q3 2024. Generative AI is enabling attackers to scale phishing, malware delivery, and social engineering beyond what legacy defenses can handle. The Morris II worm demonstrates AI-driven threats that exploit large language models directly.

The Talent Crisis  

4.8 million unfilled cybersecurity positions globally. But there’s a counterbalance: 71% of security analyst tasks can be amplified with generative AI. The organizations in the Reinvention-Ready Zone are 83% more likely to be using AI-powered analytics — they’re solving the talent gap with technology.

INTEL [GLOBAL RECOMMENDATION]: 4.8 million unfilled cybersecurity positions globally, but 71% of analyst tasks can be AI-amplified. Organizations should deploy generative AI for threat detection, workflow automation, and analyst augmentation — not as a future initiative, but as an immediate talent gap strategy.

Four Actions to Reach the Reinvention-Ready Zone  

1. Develop AI security governance — Elevate AI security to board-level priority. Define AI-specific policies for data, privacy, and access control. Only 37% assess AI security before deployment — that’s too late.

2. Design a generative AI-secure digital core — Embed security into AI development from inception, not as a retrofit. Adopt Zero Trust with continuous authentication. Reinvention-Ready orgs are 3.3x more likely to use proactive cloud security.

3. Maintain resilient AI systems — Continuous monitoring, threat intelligence, and regular red-teaming. Only 17% fully leverage threat intelligence. Reinvention-Ready orgs are 80% more likely to have advanced monitoring.

4. Leverage AI to amplify security teams — Use AI-powered analytics for detection, automate workflows, and bridge the 4.8M talent gap. Reinvention-Ready orgs are 83% more likely to deploy AI analytics.

CISO Checklist  

• Is cybersecurity embedded in AI transformation strategies from inception?
• Do we have board-level accountability for AI risks?
• Have we implemented Zero Trust and secure cloud foundations?
• Do we have visibility across IT and OT environments?
• Are we conducting regular AI-driven attack simulations?
• Do we have playbooks for AI-specific threats?
• Are we leveraging generative AI for threat detection and response?

The Bottom Line  

The cybersecurity maturity gap is now an AI maturity gap. 90% of organizations can’t counter AI-enabled threats. 63% are in the Exposed Zone. Attacks are surging 75% year-over-year.

But the path forward is clear: the 10% who’ve embedded security into AI transformation see 69% fewer advanced attacks, 1.6x higher ROI, and measurably faster detection. The question isn’t whether to invest in AI security — it’s whether you can afford not to.

Find all editions on FIR Risk Tuesday | GitHub