Artificial intelligence is changing the world of cybersecurity at a pace few could have predicted. For defenders, AI is a powerful ally, automating detection, accelerating response and identifying vulnerabilities before attackers exploit them. But for cybercriminals, it’s a new weapon amplifying their reach and precision.
In my experience as a crisis communications and cyber incident response expert working with companies across industries, from finance and healthcare to manufacturing and education, one thing has become clear: AI is making both sides of the cybersecurity equation smarter. Unfortunately, the bad actors are often faster.
The Double-Edged Sword Called AI
AI is a force multiplier. Security teams are using it to analyze massive data sets, flag anomalies and automate containment processes that used to take hours. That’s the good news.
The bad news is that threat actors are using AI as well, to craft more convincing phishing e-mails, mimic executive voices, identify weak points in networks and launch targeted social engineering campaigns at scale. Phishing e-mails riddled with misspelled words and bad design are a thing of the past.
Recent research by IBM found that 51% of breaches now involve AI-assisted tools used by attackers, shortening the time between infiltration and data exfiltration. Combine that with deepfake technology and synthetic identities and it’s easy to see how AI has become both friend and foe in cybersecurity.
The Myth of Preparedness
Despite these evolving threats, far too many organizations believe they are ready to respond to a cyber event. Unfortunately, that confidence is often misplaced.
Time and again, I see companies that have invested heavily in technology but neglected to prepare for the human side of cyber incidents: the communications, the coordination and the rapid decision-making required when an attack hits. These elements of reputation management are the real perils facing a company experiencing a cyber event.
They have incident response plans, but those plans are in many cases more theoretical than actionable. The plan looks good on paper and checks the box from a Board oversight perspective, but when ransomware locks systems or a data breach hits the headlines, those same plans fall apart.
The simple truth is a plan that has never been tested is not a plan. It’s a false sense of security.
When Theoretical Plans Fail
The difference between theoretical and actionable plans becomes painfully obvious in the first hour of a cyber event. Theoretical plans often rely on ideal circumstances: systems working, e-mails flowing and decision-makers readily available.
Reality rarely cooperates when it comes to a cyber event.
When a company’s systems are encrypted, the e-mail server may be down. Key contact lists may be inaccessible. Executives may be traveling. And the clock is ticking. The team quickly realizes they don’t know who’s responsible for what, what to say publicly, or how to reach stakeholders.
Panic takes over, resulting in confusion, delays and reputational damage that can last far longer than the technical disruption.
The Five Cs of Effective Response
That’s why I encourage companies to focus on what I call the Five Cs of Cyber Incident Response: Communication, Coordination, Clarity, Credibility and Confidence.
Each element plays a critical role in determining whether a company recovers quickly or collapses under pressure.
- Communication: Who needs to know what, when and how? This includes key stakeholders such as employees, customers, vendors, regulators and the media. Silence or inconsistent messaging fuels speculation and distrust.
- Coordination: Ensure all parts of the response team — IT, legal, HR, communications and leadership — are aligned.
- Clarity: Provide fact-based information. Don’t speculate or promise outcomes you can’t guarantee.
- Credibility: Transparency builds trust. If you make a mistake, own it.
- Confidence: A calm, factual and unified response reassures stakeholders and stabilizes the situation.
When companies rehearse these elements through tabletop exercises and simulated incidents, they turn theory into muscle memory.
Reputational Fallout: The Forgotten Risk
While the financial and operational impacts of a cyberattack are well-documented, the reputational toll often receives less attention, until it’s too late.
A single poorly handled incident can erase years of trust. In many cases, the reputational fallout costs more than the breach itself. The Cost of a Data Breach Report 2024 from IBM reported that companies with a strong incident response plan and tested communications strategy saved an average of $1.49 million per breach compared to those that didn’t.
That’s not just a number. It’s the difference between a company that emerges stronger and one that loses customers, investors and credibility.
Reputation management is not a post-incident activity. It’s an integral part of cyber preparedness. When a breach happens, the public judges not just what occurred but how the organization responds.
Building an Actionable, Tested Plan
An actionable plan goes beyond IT protocols. It’s a cross-functional framework that defines roles, responsibilities and communication pathways when normal systems fail.
Here are some of the most important steps I advise organizations to take:
- Establish a cross-functional incident response team. Include representatives from across your organization, such as leadership, IT, legal, HR, sales and communications.
- Identify and engage external cyber incident response experts in advance. Identify your insurer, forensics firm, data privacy counsel and crisis communications experts.
- Test the plan regularly. Tabletop exercises expose gaps and build confidence across the response team.
- Prepare communication templates. Have pre-approved messaging for all stakeholders, such as employees, customers, vendors and media.
- Ensure plan accessibility. Store critical contact lists and procedures in print or secure formats separated from your organization’s online systems.
- Integrate reputation management. Make protecting trust a key response objective, not an afterthought.
The goal is simple: eliminate surprises when the unexpected happens.
AI Isn’t Going Away, But Neither Is Human Judgment
AI will continue to reshape the cybersecurity landscape. Defensive systems will get smarter and attackers will become more sophisticated. But amid all the automation, human judgment remains the most valuable asset in a crisis.
The companies that weather cyber incidents best are those that empower people, not just systems, to act quickly, communicate clearly and lead with integrity.
AI may change the tools we use, but it doesn’t change the fundamentals: preparation, testing and teamwork.
Prepare, Test, Repeat
Cyber events are here to stay. The question isn’t whether your organization will be targeted, but when and how well you’ll respond.
With AI making attacks faster, more deceptive and more damaging, now is not the time for complacency.
Build a plan, test it and make sure it works in the real world, not just on paper.
Because in today’s environment, the difference between a company that survives a cyber event and one that doesn’t often comes down to a single factor — preparedness.