AI Can Boost Cyber Defence But Poor Governance and Overreliance May Create New Risks, Warns WEF-KPMG Report

The World Economic Forum (WEF) and KPMG have released a new white paper warning that while artificial intelligence (AI) is becoming indispensable in modern cybersecurity, organizations risk undermining resilience if they adopt the technology without strong governance, clear strategy and continued human oversight.

The report, Empowering Defenders: AI for Cybersecurity, published in collaboration with KPMG, highlights how AI is increasingly reshaping cyber defence as organizations struggle to keep pace with more sophisticated, faster-moving threats powered by the same technology.

The report said that AI is reshaping the cybersecurity landscape, while noting that “attackers are increasingly using AI to increase the speed, scale and sophistication of threats”. In response, AI-driven tools are becoming central to cybersecurity operations, from detecting and preventing incidents to responding and recovery.

According to the report, the focus is no longer solely on the cybersecurity risks created by AI, but also on how organizations can use it defensively. The paper provides practical guidance for executives and chief information security officers (CISOs) on deploying AI to strengthen cyber resilience while avoiding overdependence on automated systems.

AI Adoption Must Align with Business Strategy

The WEF stressed that organizations should avoid deploying AI for cybersecurity simply because of technological hype. Instead, executives should “align the adoption of AI in cybersecurity with organizational strategic priorities,” ensuring it supports broader goals such as resilience, compliance and operational efficiency.

Before deployment, companies must establish ” organizational readiness across processes, data, infrastructure, skills and governance before deploying AI in cybersecurity,” the report said adding that validating “AI solutions through structured pilots prior to full deployment”.

However, “AI can strengthen cybersecurity only if the necessary foundational elements are in place,” the report warned, cautioning that poor data quality, weak governance or inadequate skills can undermine deployments and waste resources.

Cybersecurity Teams Already Seeing Gains

The report suggests AI adoption in cybersecurity is accelerating rapidly.

Citing findings from the Global Cybersecurity Outlook 2026, WEF said 77% of organizations already use AI in cybersecurity, while 88% of security teams report time savings and stronger opportunities for proactive defence.

Organizations using AI extensively in security shortened breach times by roughly 80 days and reduced average breach costs by $1.9 million, according to the white paper.

Drawing on case studies from WEF partners and insights from more than 84 organizations across 15 industries, the report outlines how AI is being used across the cybersecurity lifecycle, including cyber governance, threat intelligence, phishing detection, anomaly monitoring, incident response and system recovery.

For example, AI systems are helping organizations improve vulnerability detection, automate threat intelligence analysis and strengthen protection against phishing campaigns and other cyberattacks.

Human Oversight Remains Essential

Despite the benefits, the report cautioned against excessive reliance on automation. It noted:

“Heavy reliance on AI can undermine cyber resilience. Excessive trust in automated decisions creates a false sense of security and over time erodes the expertise needed to intervene when systems fail. To prevent over-reliance on AI, security teams should combine AI with human judgement, simulate AI failures and design fail-safes that keep security operations functional during AI outages.”

Looking ahead, the report identified “agentic AI”, autonomous systems capable of independently coordinating cyber defence, as a major opportunity, but one requiring “robust governance, clear accountability and meaningful human oversight” to prevent unintended risks.

IMF Warming

Here it should be noted that the International Monetary Fund (IMF) has recently warned that rapid AI adoption is increasing cyber risks for the global financial system, even as it improves fraud detection and cybersecurity.

In a recent blog post, the IMF said advanced AI tools are making cyberattacks faster and more sophisticated, raising the risk of disruptions across interconnected financial systems, including payment networks and cloud infrastructure.

While calling AI an essential cyber defence tool, it urged regulators and firms to adopt a “resilience-first” approach focused on cyber stress testing, rapid recovery, business continuity and stronger international coordination.