82% firms can’t afford AI-cybersecurity talent

A new report by Boston Consulting Group (BCG) said artificial intelligence (AI) is fundamentally reshaping the cybersecurity landscape and exposing major gaps in corporate defences. Despite growing awareness of the risks, the pace of cyber defence adoption is failing to keep up with the speed and sophistication of AI-driven attacks.

The report, ‘AI Is Raising the Stakes in Cybersecurity’, is based on a global survey of 500 senior leaders, including 50 in Africa, across industries and geographies and finds that almost 60 per cent of African companies believe they experienced an AI-powered cyberattack in the past year, yet only half prioritise using AI to improve cyber defences.

It disclosed that only seven per cent of global organisations have so far deployed AI-enabled defence tools, though 88 per cent planned to do so.

Managing Director and Senior Partner at BCG Casablanca and Head of BCG’s Tech Hub in Africa, Hamid Maher, said: “AI is enabling a new era of cyber threats that are faster, more deceptive, and infinitely more scalable – and African businesses are already feeling the impact.

“More than half have faced AI-enabled attacks in the last year, yet only 29 per cent have advanced AI cyber defence capabilities. This gap between the speed of attackers and the tools defenders use is creating an exposure level our continent can no longer afford.”

The report outlined how AI is enhancing attackers’ capabilities across a range of tactics, from ransomware and phishing to voice cloning and deepfake video fraud.

Among the case studies was a $25 million fraud incident at a multinational engineering firm triggered by a deepfake video call impersonating the CFO. There was also an AI-generated robocall campaign spoofing voter communications, leading to a $1 million regulatory fine.

The report also disclosed a ransomware attack on a healthcare provider that encrypted hospital systems and delayed surgeries.

Yet, it revealed that organisational response has been sluggish. For instance, BCG observed that just five per cent of global and three per cent of African companies have significantly increased cybersecurity budgets due to AI.

69 per cent of global and 82 per cent of African companies report difficulty hiring AI-cybersecurity talent.

Only 25 per cent and 29 per cent of existing AI-enabled defence tools are considered advanced by global and African organisations, respectively; a growing concern as agentic AI accelerates threat evolution.

On his part, Managing Director at BCG Platinion Casablanca, Hakim Hamane, said: “While attackers are evolving with AI, most organisations across Africa are still relying on outdated tools and underfunded strategies. When 82 per cent of companies struggle to hire AI security talent, it’s clear that the continent’s cybersecurity posture must shift from reactive to truly future ready.”

According to the report, threats will evolve and defences must keep pace. Executives foresee that the nature of AI-powered cyberattacks will continue to evolve rapidly, requiring a constant recalibration of defences. They consider the most critical cyber x AI threats to their organisation over the next two years as: AI-enabled financial fraud (43 per cent); AI-powered social engineering (39 per cent); attackers using AI to accelerate vulnerability discovery (28 per cent); AI-powered malware that learns and adapts to bypass defences (26 per cent).

The report found high-risk exposure across all industries, with healthcare and government among the most vulnerable.

BCG said there is an urgent need for the CEO and CISO to align. The report called for a dual leadership model to close the defence gap. CEOs must prioritise cybersecurity and AI at the board level, while CISOs should accelerate deployment of high-impact, AI-enabled use cases.

The report recommended, among others, the need to set a Board-backed AI-Cyber mandate and fund it accordingly, deploy AI in defences where it changes the risk curve fastest, secure the AI systems the organisation is building, and build cyber agility with multi-vendor architecture.

Global Director of BCG’s Centre for Leadership in Cyber Strategy, and co-author of the report, Vanessa Lyon, said the era of passive cyber defence is over, “Attackers are moving at machine speed. The only winning strategy is to meet autonomy with autonomy, through intelligence, leadership, and commitment. This is the moment when organisations decide whether they will shape the AI-cyber landscape or be shaped by it.”