18-07-2025
What The Last Century Of Cybersecurity Can Teach Us About What Comes Next In The Age Of AI
Mark Hughes is the Global Managing Partner of Cybersecurity Services at IBM.
New research from our company reveals that CISOs have just 36 months to adapt to AI-driven cybersecurity or face serious disruption. With just 30% of organizations ready to operate at that level, those not leading with AI risk falling behind as threats accelerate and competitors gain an advantage. Reassuringly, this isn't the first time security leaders have had to rethink their approach in response to a tech shift. To understand what's at stake for your business and what's coming next, it helps to look at how we got here.
Cybersecurity didn't begin with multimillion-dollar platforms or high-tech SOCs. It began in research labs, where engineers noticed users on shared systems could access files they weren't supposed to. Soon came the internet, and with it a new kind of threat. Attackers no longer had to be inside the building. Security moved from a system administrator's side job to a dedicated practice, and teams raced to keep up with threats growing faster than traditional IT teams were built to handle.
As cloud, mobile workforces and connected devices scaled, the job changed again. Now, with more data, devices and decisions than human teams can reasonably handle, we're entering a new phase—one where AI isn't just supporting operations but making split-second decisions that can save or cost millions in revenue and reputation.
The New 'First Responder' Is AI
As businesses moved operations online, networks expanded, creating complexity far harder to manage. Security teams needed structure. In most operations, the Tier One analyst was introduced as the first line of defense, responsible for reviewing alerts and passing along anything that looked serious.
Now, with the introduction of AI systems trained on years of real-world data, many of those tasks can be automated at scale—in most cases, with greater speed and consistency than a human working alone. The business impact is immediate and measurable.
To use AI effectively in frontline defense, it must do more than process data. It has to understand how your organization assesses risk and learn to make decisions that protect both security and business continuity. We're seeing that this is especially valuable for clients with high customer activity, where security teams are flooded with alerts that demand fast, accurate decisions to maintain service levels.
In retail environments, these stakes are particularly high as even a small delay in triage can disrupt customer experience and impact revenue. AI is beginning to handle that first layer of alerts by analyzing user behavior and flagging only credible threats. This frees entry-level analysts to focus on higher-value work, like identifying root causes and strengthening future defenses. This isn't just better security—it's a direct competitive advantage that translates to revenue protection and customer retention.
A New Wave Of Human Responsibilities
When intrusion detection systems (IDS) were introduced, they gave security teams something they never had before: real-time visibility into suspicious activity. But visibility brought volume. Alerts poured in, and most didn't point to real threats. Analysts were left with a new challenge and a human task: fine-tuning rules to cut noise and surface genuine threats.
Every leap in cybersecurity tooling has come with its own wave of new human responsibilities. Recent advances in AI, including the emergence of agentic systems that can act without human sign-off, now make it possible to detect and contain threats before a human ever sees the alert.
This capability is powerful, but it demands new forms of oversight. The new human task will be more strategic—to retrace the AI's decision path, check for missed context and determine whether the response was justified. Now that AI can act, analysts will be responsible for making sure those actions are appropriate.
Turn Insight Into Action
If the last century taught us anything, it's that technology alone doesn't solve problems or create business value. How organizations adapt to it does. The companies that will dominate the next decade aren't just adopting AI tools; they're rebuilding their entire security strategy around AI capabilities. To avoid another cycle of overwhelm and catch-up, organizations need to focus on three strategic moves grounded in what history has shown us works:
1. Treat AI as a team member. Just as early detection systems once overwhelmed teams with unclear alerts, AI can do the same without defined roles and clear integration into business processes. Analyze workflows to find where automation can improve speed or consistency, like reviewing large volumes of log data or spotting known threat patterns. Once you've identified the right opportunities, assign AI clear responsibilities and document them in playbooks. By explicitly defining AI's job, you reduce ambiguity, streamline execution and ensure it's used where most effective.
2. Train analysts to become AI supervisors. As AI takes on more routine security work, organizations must identify where human expertise adds the most strategic value and which skills matter most. Start by tracking when and why analysts intervene in AI-driven processes. Are they spotting misclassified patterns? Interpreting alerts based on business priorities? Coordinating with legal or communications teams to guide a broader response? Turn those insights into roles, build training around them and revisit regularly as both threats and technology evolve.
3. Connect AI actions to business outcomes. AI security tools shouldn't operate in isolation from business strategy. Map each AI-driven action to the business risks it helps mitigate, like preventing fraud or minimizing operational disruption. Incorporate business impact into response workflows so threats are prioritized based on what matters most to the organization. Use metrics that translate technical alerts into business language to better measure the effectiveness of AI-driven security initiatives.
Looking back at when I started in this space, the biggest transformation has been the role's scope and direct business impact. What was once a specialized technical function has become a central part of how organizations compete, operate and grow. As AI accelerates what's possible in security, the challenge for leadership is making choices that are as thoughtful as they are fast—and that position their organizations to lead rather than follow in an AI-driven marketplace.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
