The cost of worldwide cybercrime is expected to reach $10.5 trillion annually this year. The importance of cybersecurity can’t be overstated. As businesses accelerate their digital transformation efforts and artificial intelligence (AI) becomes a part of everyday operations, safeguarding sensitive information is more crucial than ever. Yet, many organizations still hesitate to invest adequately in cybersecurity, let alone when it comes to using AI.
Why’s there such reluctance, especially given the escalating threats?
To explore this paradox, we sat down with Martin Fix, Technology Director at Star, to dive into the evolving cybersecurity landscape, the new risks posed by AI and actionable strategies that businesses of all sizes can implement today.
Why companies undervalue cybersecurity
Despite high-profile breaches making headlines regularly, not every company is proactive when it comes to cybersecurity. According to Fix, several intertwined factors contribute to this persistent issue.
Underestimating the risks
A lot of businesses operate under the assumption that their systems are inherently secure and that breaches are unlikely, or that cybersecurity is only a concern for larger organizations. This false sense of security can be dangerous.
It’s often only after a major incident — a data breach, ransomware attack, operational disruption — that companies fully appreciate the consequences of neglecting cybersecurity.
“Convincing companies that security is not a default state but an active, ongoing effort is a major challenge,” Fix explains.
Viewing cybersecurity as a cost, not a strategy
Another major hurdle is the perception that cybersecurity is a financial burden rather than a strategic investment. When budgets are tight, companies often prioritize growth initiatives or product development and push cybersecurity down the list.
However, ignoring security can ultimately be far more costly. Regulatory fines, reputational damage, customer churn and operational downtime can quickly outweigh any upfront savings made by skimping on cybersecurity measures.
Misunderstanding cybersecurity
Fix also points to a common misconception: confusing cybersecurity with other forms of quality assurance (QA). While QA focuses on ensuring that software functions correctly and meets requirements, cybersecurity is about ensuring that functionality can’t be hijacked, manipulated or intercepted by malicious actors.
The difference is crucial. Cybersecurity demands a distinct mindset.
“Cybersecurity is actually 90% about human behavior and only 10% about technology,” Fix emphasizes. “While technology can provide tools and frameworks, the greatest vulnerability — and strength — lies in human awareness and behavior.”
For example, a developer might unintentionally store sensitive credentials in source code. This wouldn’t necessarily cause a bug (and might pass standard QA), but it would represent a major security flaw that attackers could easily exploit.
The human factor of cybersecurity
The Fort Knox analogy is often used in cybersecurity circles. Even if you have the best locks and most fortified doors, a single careless human action like leaving a door open can render all defenses useless.
Human error remains the single largest contributor to cybersecurity breaches today. Common mistakes include:
- Falling for phishing attacks
- Using weak passwords
- Misconfiguring cloud services
- Sharing sensitive information over unsecured channels
Technology alone won’t solve these problems. Fix argues that creating a culture of security is critical. This involves training employees at all levels to recognize threats, understand security protocols and develop a security-first mindset in everything they do.
“Educating your development and operational teams isn’t a one-time event — it must be an ongoing commitment,” he notes.
AI’s role in cybersecurity
AI has added a new layer of complexity to the cybersecurity landscape. On one hand, AI offers powerful tools for detecting threats, analyzing patterns and automating security responses. But on the other, it provides attackers with unprecedented capabilities.
How AI fuels cyber threats
AI-powered systems can generate thousands of highly personalized phishing emails in mere minutes, making attacks more convincing and harder to detect. These emails can mimic the writing style of colleagues, executives and trusted brands, making traditional "red flag" detection methods far less effective.
“AI doesn't just automate existing attacks; it enhances them,” Fix warns. “Attackers can now test, learn, and adapt at speeds that human defenders struggle to match.”
Furthermore, AI can identify and exploit security weaknesses faster, learn how to bypass defenses dynamically and even mask malicious behavior to appear as legitimate user activity. It’s not all doom and gloom though.
The AI vs. AI battle
Fortunately, AI can also be used defensively. Machine learning models monitor systems for unusual behavior, identify potential breaches earlier and automate threat responses to contain incidents before they spread.
It’s truly a double-edged sword: AI against AI in a constant arms race, where businesses must leverage AI to defend themselves just as attackers leverage AI to break through.
Fix likens it to a “good cop, bad cop” scenario. AI plays both roles, and companies must ensure they are harnessing the "good" side to stay one step ahead.
Preparation over perfection
Given the speed at which cybersecurity threats evolve, is it even possible to build a system that AI can’t penetrate?
Fix says the focus shouldn't be on building impenetrable walls. Instead, businesses should prioritize resilience — the ability to detect, respond to and recover from breaches quickly and effectively. “The goal is not to eliminate breaches entirely — that's unrealistic. The goal is to minimize the impact when breaches occur,” Fix states.
This mindset shift from pure prevention to resilience and response is crucial in today’s AI cybersecurity strategy.
Will AI replace cybersecurity?
No, it won't. AI is an augmentation tool that assists cybersecurity professionals rather than replacing them. Human oversight — problem solving, critical thinking and human judgement — is still paramount when it comes to evolving cybersecurity threats.
Essentially, while AI will automate and support certain cybersecurity tasks, it's unlikely to take jobs entirely. Human defenders will always be needed to counter new techniques and make the right judgement calls.
How to strengthen AI cybersecurity
For business and technology leaders looking to bolster their defenses, Fix offers clear, actionable steps.
- Train your people: Invest in continuous cybersecurity training programs for all employees, not just IT staff. Teach them to recognize phishing attempts, practice good password hygiene and understand the importance of security protocols. Regular updates and real-world simulations (like phishing tests) can reinforce good practices and keep security top of mind.
- Embed security from the start: Don’t bolt security onto your products and systems at the end. Integrate cybersecurity considerations into the design and development process from the very beginning. "Security by design" should be a core principle for all digital initiatives.
- Implement multi-factor authentication (MFA): MFA is a simple yet powerful layer of protection that can thwart many unauthorized access attempts, AI or human. Implement it wherever possible, especially for critical systems and remote access points.
- Conduct regular audits: Independent security audits and penetration tests reveal vulnerabilities you might otherwise miss. Make them a routine part of your operations — not just a compliance checkbox.
- Develop a response plan: Create an incident response plan that covers technical recovery, customer communication and regulatory reporting. Ensure leadership and stakeholders are aware of the plan, and rehearse it regularly. A fast, coordinated response can limit damage and preserve trust in the event of a breach.
- Stay informed and adaptable: The threat landscape evolves constantly, especially with AI accelerating the pace of change. Stay informed about emerging threats, evolving best practices and new security technologies. Being agile and willing to adjust your cybersecurity strategy is key to staying ahead.

Cybersecurity: A strategic imperative
Cybersecurity is no longer just an IT concern or a budget line item. It's a business-critical priority that demands executive attention, continuous investment and cultural change.
Whether you're a startup, a mid-sized company or a global enterprise, the fundamentals remain the same: educate your people, embed security into your DNA, and build AI systems that are resilient against today's — and tomorrow’s — threats.
But it's imperative that the AI systems you build are ethical and comply with stringent laws. Learn how to embed cybersecurity, data privacy and ethical AI into every phase of development with our guide to AI governance.