Can artificial intelligence revolutionize IT security?

The rapid rise of digitization is changing the way businesses operate, offering immense opportunities but also significant challenges. The number of cyberattacks has grown dramatically over the past few years. Given their potentially serious and costly consequences, IT security is becoming an increasingly important issue, which companies need to tackle. Can AI help mitigate the problem? Read and find out.

November 16, 2023

Dr. Patrick Kolb,

Senior Portfolio Manager, Thematic Equities

Key takeaways

Cyberattacks are becoming not only more and more frequent but also increasingly sophisticated, posing a serious threat to companies and individuals.

The ever-increasing number of IT security alerts puts a strain on professionals responsible for early detection and quick response to IT security risks.

The use of AI, particularly in areas such as security analytics, app security, vulnerability management, and data protection, has the potential to become a key milestone in ensuring IT security.

The digitization of our society is a megatrend that we believe is only going to accelerate in the next few years, leaving businesses and individuals susceptible to cyberattacks. The so-called “attack surface”1, which is the number of possible points where an unauthorized user can access a system and extract data, has broadened in our view, mainly due to increased connectivity, 5G, and the Internet of Things (IoT). In addition, working from home or, in fact, from anywhere, is becoming a natural part of our daily life, giving hackers more opportunities to exploit vulnerabilities. Cybercriminals are using more and more sophisticated methods, such as social engineering or supply chain attacks, to infiltrate networks.

What are the main IT security challenges today?

With the attack surface expanding, it is becoming more challenging for organizations to block potential threats quickly. IT security teams must focus on precise and rapid detection of cyberthreats, while also improving their response capabilities. The following factors are challenging IT organizations:2

  • Overburdened IT security analysts are forced to triage a flood of security alerts. According to a survey, nearly half of the analysts reported a false-positive rate of 50% or higher.
  • 56% of large organizations deal with 1,000 or more security alerts daily.3 That puts IT security analysts in a difficult position because they can typically review only around ten security alerts per day.

Not surprisingly, IT security teams are at risk of getting fatigued and understaffed, which further adds to staff turnover. In addition, the amount of time needed to resolve cyberattacks is rising: according to a survey conducted among more than 1,000 team members of security operations centers worldwide, 46% said the average time needed to detect and respond to a security incident has increased over the past two years and more than 80% said that manual investigation of threats slows down their overall threat response times.4

The situation is further exacerbated by the fact that cyberattacks have significantly intensified over the past few years, with attacks becoming more frequent and sophisticated.

Cyberattacks are on the rise

Increasing volumes of cyber incidents are continuing to threaten businesses.

  • The average duration of downtime after a ransomware attack between Q1 2020 and Q2 2022 increased by 60% from 15 days to 24 days.5
  • In 2022, 83% of organizations had multiple data breaches and ransomware attacks increased by 13%, which is a rise equal to the last five years combined.6
  • Data from Checkpoint Research shows a 7% global increase in weekly cyberattacks during Q1 2023. During this time, 310 cyber incidents were publicly disclosed.7
  • Over one billion malware programs are circulating with an estimated 560,000 new instances discovered daily. Every minute four businesses get attacked by ransomware.8
  • Cyber incidents can cause publicly listed companies to lose an average of 7.5% of their stock price and it takes 46 days to recover if they are able to do so at all.9

What is the cost of a data breach?

According to IBM, the average global cost of data breach reached USD 4.45 million in 2023, which represents a 2.3% increase from the 2022 average cost of USD 4.35 million. It can include everything from ransom payments and lost revenues to business downtime, remediation, legal and audit fees.10 Since 2020 (when the average total cost of a data breach was USD 3.86 million), this number has increased by 15.3%. The United States topped the ranking of regions with the highest data breach costs for the 13th consecutive year, with the cost totaling USD 9.48 million, more than double the global average, followed by the Middle East and Canada (chart 1).

Chart 1: Cost of an average data breach by country or region, in million USD

Source: IBM (2023): Cost of a Data Breach Report 2023, p. 12.

Chart 2: Cost of an average data breach by sector, in million USD

Source: IBM (2023): Cost of a Data Breach Report 2023, p. 13.

When looking across industry sectors, the healthcare segment reported the highest costs of a data breach, followed by the financial and the pharmaceutical industry. Over the past three years, the average cost of a data breach in healthcare has grown by 53.3%. According to the authors, the main reasons are that healthcare faces higher levels of industry regulation and is considered a critical infrastructure by the US government. The healthcare industry has seen notably higher average data breach costs (chart 2)11, particularly since the start of the COVID-19 pandemic.

Unbox the Future

Powerful megatrends have the potential to change every facet of our daily lives. Join our award-winning investment team in their pursuit of identifying the most innovative pure-play companies that may add long-term growth potential and portfolio diversification. 


AI to ease the workload of cybersecurity teams

We believe that the use of AI has the potential to become a critical solution in IT security by helping to detect cyberthreats and increase response time, thus acting as an “assistant” to IT security analysts. According to Acumen Research & Consulting, the market size for AI in the cybersecurity market accounted for USD 14.9 billion in 2021 and is estimated to reach a market value of USD 133.8 billion in 2030, which represents a compound annual growth rate (CAGR) of 27.8%. This trend is powered by the surging use of social media for business operations, growing government investments in AI adoption as well as technological advancements in security systems to combat the increasingly sophisticated cyberattacks.12

The idea behind AI in IT security is to use AI-enabled software to augment human expertise in rapidly identifying new types of malware traffic or hacking attempts. Because of recent advances in computing power, AI in IT security is now becoming a reality with comparatively small datasets. AI solutions can ease the workload of cybersecurity teams and effectively remove false positives by quickly drawing correlations and insights from vast datasets across assets. It can further automate low value tasks and allow IT security teams to focus on higher priority threats.

According to a publication by the IBM Institute for Business Value, AI is already reducing the costs of cybersecurity responses.13

  • The companies at the forefront of adopting AI have reported a 15% reduction in overall cybersecurity costs.
  • The average expense of data breaches can be reduced by over USD 3 million.
  • AI has the potential to improve the incident response time. Historically, it took an average of 230 days to detect, respond to, and recover from a cyberattack. With AI implementation, it can cut that time by up to 99 days.

Historically, cybersecurity was designed to look at a specific domain and resolve threats under a particular scenario. However, the increasing sophistication of cyberattacks demands unified solutions. While AI use is not new to security in cases such as anomaly detection, we think generative AI (GAI) is a step-function improvement, given its ability to generate recommendations and automate manual, ad hoc tasks previously performed by IT security professionals. It enables aggregating and correlating data across many isolated products that comprise an organization's security stack. IT security teams are then able to strengthen their defense by identifying patterns and connections that humans find difficult to detect across business verticals and locations.

A recent report published by the Cloud Security Alliance (CSA) finds that GAI models substantially improve vulnerability scanning: the OpenAI’s Codex platform, which is based on ChatGPT, was able to detect and scan vulnerabilities in software code written in various programming languages. According to CSA, this technology might become an integral component in IT security responses. Interestingly, the report remarks that GAI is able to detect and watermark AI-generated text. This could improve the detection of phishing emails and become part of email protection software. Such technology could check for unusual email sender addresses, domains, or links to malicious websites.14

Accelerating the cybersecurity arms race

Attacks on IT security are becoming more systemic and more severe. Although short-term impacts of a cyberattack on a business can be quite severe, the long-term structural impact can be even more dramatic for an organization, including even the potential loss of competitive advantage. While the broad use of AI is not new in the field of IT security, we think generative AI specifically can offer a step-function improvement, given its ability to quickly generate content and recommendations. This offers real benefits for applications such as security analytics, app security, vulnerability management, and data protection.

In our view, the IT security theme is becoming omnipresent in our daily lives and the implications for the integration of AI are becoming more critical. Leading IT security companies are making great strides in integrating AI solutions into their products. We believe that both the good and the bad actors will surely use GAI in the cybersecurity arms race, forcing businesses and governments to upgrade their IT security infrastructure. Therefore, as long-term-oriented and patient investors, we are shareholders of innovative companies that are providing cutting-edge solutions, such as GAI security analyst programs, AI for IT operations, or AI-driven threat detection platforms.

Credit Suisse Asset Management has designed a number of highly focused strategies to provide clients with “pure-play”15 exposure to a number of compelling long-term secular growth themes, such as robotics and automation, security and safety, infrastructure, digital health, edutainment, environmental impact, and energy evolution.

Investment possibilities

Find investment products that suit your personal needs. Choose from our extensive range of investment solutions across all major asset classes, and access all product-related information.

Get in touch with Asset Management

Contact us to learn about exciting investment opportunities. We are here to help you achieve your investment goals.

To the extent that these materials contain statements about the future, such statements are forward looking and are subject to a number of risks and uncertainties and are not a guarantee of future results/performance.
The individuals mentioned above only conduct regulated activities in the jurisdiction(s) where they are properly licensed, where relevant.
Every investment involves risk. You may lose part or all of invested capital.

1 Examples of attack surfaces are workstation and laptops, network file servers, mobile devices, multi-function printers, to name a few.
2 Source: Critical Start (2021): The Impact of Security Alert Overload, 2021/02, p. 6,, retrieved on 22 September 2023.
3 Source: Swimlane (2022): The Top SOC Analyst Challenges, 18 November 2022,, retrieved on 22 September 2023.
4 Source: Morning Consult (2023): Global Security Operations Center Study Results, March 2023, p. 3,, retrieved on 19 September 2023.
5 Source: Statista (2023): Average duration of downtime after a ransomware attack at organizations worldwide from 1st quarter 2020 to 2nd quarter 2022,, retrieved on 19 September 2023.
6 Source: Huang et al (2023): The Devastating Business Impacts of a Cyber Breach, Harvard Business Review, May 2023,, retrieved on 19 September 2023.
7 Source: Checkpoint Research (2023): Global Cyberattacks Continue to Rise with Africa and APAC Suffering Most, 27 April 2023,,increase%20compared%20to%20Q1%202022, retrieved on 20 September 2023.
8 Source: DataProd (2023): A Not-So-Common Cold: Malware Statistics in 2023, 14 July 2023,, retrieved on 20 September 2023.
9 Source: Infosecurity Magazine (2019): Companies' Stock Value Dropped 7.5% after Data Breaches, 15 May 2019,, retrieved on 19 September 2023.
10 Source: IBM (2023): Cost of a data breach report 2023, IBM, p. 5,, retrieved on 19 September 2023.  The audit fees for companies following data breaches can be around 13.5% higher than those for firms without breaches (source: Yen et al. (2018): The impact of audit firms’ characteristics on audit fees following information security breaches, Journal of Accounting and Public Policy, p. 2,, retrieved on 19 September 2023.
11 Source: IBM (2023): Cost of a data breach report 2023, IBM, p. 13,, retrieved on 19 September 2023.
12 Acumen Research & Consulting (2022): Artificial Intelligence in Cybersecurity Market Analysis - Global Industry Size, Share, Trends and Forecast 2022 – 2030, July 2022,, retrieved on 22 September 2023.
13 IBM Institute for Business Value (2023): The power of AI: Security, 2023,, retrieved on 20 September 2023.
14 Source: Cloud Security Alliance (2023): Security Implications of ChatGPT, 2023, p. 27ff,, retrieved on 22 September 2023
15 By the “pure-play” concept we mean companies that have at least 50% in revenues directly attributable to the corresponding theme.

This is a marketing communication.

Source: Credit Suisse, otherwise specified.
Unless noted otherwise, all illustrations in this document were produced by Credit Suisse AG and/or its affiliates with the greatest of care and to the best of its knowledge and belief.

This material constitutes marketing material of Credit Suisse AG and/or its affiliates (hereafter "CS"). This material does not constitute or form part of an offer or invitation to issue or sell, or of a solicitation of an offer to subscribe or buy, any securities or other financial instruments, or enter into any other financial transaction, nor does it constitute an inducement or incitement to participate in any product, offering or investment. This marketing material is not a contractually binding document or an information document required by any legislative provision. Nothing in this material constitutes investment research or investment advice and may not be relied upon. It is not tailored to your individual circumstances, or otherwise constitutes a personal recommendation, and is not sufficient to take an investment decision. The information and views expressed herein are those of CS at the time of writing and are subject to change at any time without notice. They are derived from sources believed to be reliable.CS provides no guarantee with regard to the content and completeness of the information and where legally possible does not accept any liability for losses that might arise from making use of the information. If nothing is indicated to the contrary, all figures are unaudited. The information provided herein is for the exclusive use of the recipient. The information provided in this material may change after the date of this material without notice and CS has no obligation to update the information. This material may contain information that is licensed and/or protected under intellectual property rights of the licensors and property right holders. Nothing in this material shall be construed to impose any liability on the licensors or property right holders. Unauthorised copying of the information of the licensors or property right holders is strictly prohibited. This material may not be forwarded or distributed to any other person and may not be reproduced. Any forwarding, distribution or reproduction is unauthorized and may result in a violation of the U.S. Securities Act of 1933, as amended (the “Securities Act”). In addition, there may be conflicts of interest with regards to the investment. In connection with the provision of services, Credit Suisse AG and/or its affiliates may pay third parties or receive from third parties, as part of their fee or otherwise, a one-time or recurring fee (e.g., issuing commissions, placement commissions or trailer fees). Prospective investors should independently and carefully assess (with their tax, legal and financial advisers) the specific risks described in available materials, and applicable legal, regulatory, credit, tax and accounting consequences prior to making any investment decision.

Singapore: This document is not a prospectus as defined in the Securities and Futures Act 2001 of Singapore ("SFA") and has not been registered as a prospectus with the Monetary Authority of Singapore. Accordingly, statutory liability under the SFA in relation to the content of prospectuses would not apply, and this document should not be construed in any way as a solicitation or an offer to buy or sell any interest or investment referred to in this document.
© UBS 2024. All rights reserved.

Distributor AM: UBS Asset Management (Singapore) SGR, 9 Penang Road; Singapur 238459
Distributor PB: Credit Suisse AG, Singapore Branch, 1 Raffles Link #03-01 One Raffles Link Singapore, 039393 Singapore