Cybersecurity’s Economics Are Broken. Automation Alone Won’t Fix It

Frontier AI is collapsing the time and cost required to launch cyberattacks, and it’s reshaping the economics of cybersecurity.

Working exploits can now be built in hours for roughly $2,000, while the average cost of a data breach in the UK has climbed to $4.53 million. That fundamental imbalance is shifting cyber power into the hands of attackers, where it will likely remain for several years.

As frontier AI-driven attacks scale, the consequence won’t just be more breaches across more organizations. We’re going to see more disruptive cyber events, especially across Europe’s critical infrastructure sectors.

We’ve seen what this look like without AI – hospitals shutting down, cyber induced power outages, and water supplies being tampered with. Now, those same outcomes are far easier and cheaper to produce.

This new dynamic is forcing organizations to rethink a long-held assumption: that automation alone is the answer to evolving cyber threats.

Automation was built for a world where alerts could queue, investigations could take time. That world is slowly disappearing, as time becomes a more expensive liability by the day.

This problem isn’t something technology alone can fix. It’s a critical part of the solution, but the problem runs deeper. The system itself is out of balance, it’s easier to attack than it is to defend.  Incentives to invest in prevention, fix vulnerabilities quickly, and share intelligence across public and private sectors aren’t aligned. And in an interconnected economy, the cost of a breach rarely stays contained to one organization.

Designing Systems for a Faster, More Connected Threat Landscape

Many organizations have automated parts of the security lifecycle, particularly in detection and response. But that piecemeal approach won’t help us decide or act at the new speed of threats.

We can’t afford delayed remediation when attackers are capable of generating exploits in hours. The time between detection and action is where attackers win, and where many security programs fall short. They focus on improving visibility without fundamentally changing how decisions are made. More alerts won’t solve this problem if organizations can’t respond fast enough to stop an attack.

We’re entering a moment of choice. We can continue layering AI and automation technologies onto existing workflows, or we can rethink how decisions are made and executed altogether.

That means moving from automation to autonomy: systems that can triage, decide, and act in real time, with humans setting intent, policy, and oversight. It also means changing our approach to governance, incentives, and collaboration across the ecosystem:

  • Decision-making must be redesigned. In many organizations, the bottleneck isn’t a lack of data it’s a lack of authority to act. Escalation paths were built for a slower era and now they introduce unnecessary risk. We see this all the time in our cyber range simulations: communication breaks down, and participants hesitate under pressure. We need clear mandates, lower barriers to initiate containment and remediation and exercises that simulate the reality of today’s threats.
  • Resilience must take priority over prevention. We know it’s not possible to stop every attack, especially in a world with frontier AI threats. We have to design for continuity, rapid containment, and recovery. This shift is already reflected in European frameworks like NIS2 and DORA, which emphasize operational resilience alongside security controls.
  • Vulnerability management must extend beyond enterprise boundaries. In a deeply interconnected economy, exposures in third-party vendors, software supply chains, and open-source dependencies are now primary risk vectors. We have to coordinate across partners, sectors, and borders. Initiatives like IBM’s Project Lightwell point to that shift: a clearinghouse model where organizations can share, validate, and act on vulnerability intelligence collectively, shrinking the time between discovery and remediation across the ecosystem.
  • Collaboration needs to scale alongside threats. Public-private partnerships, national CERTs, and cross-industry intelligence sharing will play a critical role in closing the gap. No single organization can match the speed and scale of frontier AI-driven attacks alone.

Restoring Balance

By reducing response times, rethinking decision making, moving from automation to autonomous systems that can act in real time organizations can shrink the attacker’s window of opportunity, and start to shift the economics back in their favor.

The organizations that succeed in this next phase won’t just have more automation. They will operate differently, by moving faster, deciding more decisively and collaborating across the ecosystem. Because when the cost of launching an attack drops to thousands, and the cost of failure remains in the millions, standing still isn’t just inefficient. It’s a strategic risk and increasingly, a shared one.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *