Kroll’s latest global cyber‑resilience research reveals that 76 % of organizations have suffered a security incident involving artificial intelligence (AI) applications or models in the past two years, while 27 % report losses exceeding $1 million per breach. The study underscores a widening gap between rapid AI deployment and the governance, controls, and incident‑response capabilities needed to keep AI‑driven attack surfaces in check.
AI Adoption Outpaces Governance
Enterprises are integrating AI into everything from customer service chatbots to autonomous decision‑making platforms. Kroll’s data, gathered from 1,000 senior cybersecurity decision‑makers across ten major economies, shows that the speed of AI adoption is dramatically outpacing the implementation of basic security safeguards. While 90 % of respondents cite “lack of clear ROI,” “insufficient executive understanding,” and a “false sense of existing protection” as barriers to investing in AI security, only 13 % of AI budgets are earmarked for testing models against threats.
The research paints a stark picture: organizations that have reached a high level of cyber maturity spend six times more on AI security testing and are far less likely to experience AI‑related incidents. Firms with low maturity see an 89 % incident rate, whereas almost half of the most mature respondents reported zero AI security breaches in the last two years.
Why the Gap Matters
AI’s promise of increased efficiency and predictive power can quickly become a liability when foundational security practices are ignored. “Adopting AI without first hardening the basics—identity management, secure architecture, and incident response—creates a dangerous security debt,” says Dave Burg, Global Group Head of Cyber and Data Resilience at Kroll. The study confirms that AI is not inherently risky; rather, it magnifies existing vulnerabilities when deployed on shaky foundations.
The implications extend beyond isolated breaches. A Gartner forecast predicts worldwide AI security spending will climb to $27 billion by 2027, reflecting growing awareness that AI can both defend and destabilize enterprise environments. Kroll’s findings suggest many organizations are still on the wrong side of that curve.
Competitive Landscape: How Kroll Stands Out
Kroll’s partnership with CrowdStrike’s Charlotte AI AgentWorks Ecosystem demonstrates a pragmatic approach to bridging the security gap. By embedding AI‑enhanced detection and response agents directly into managed security services, Kroll offers a model that rivals traditional SIEM‑centric solutions from Microsoft Sentinel or Amazon GuardDuty. Unlike generic AI‑security add‑ons, Kroll’s integrated agents are purpose‑built to test, monitor, and remediate AI model vulnerabilities in real time.
For enterprises already invested in Google Cloud’s Vertex AI or Microsoft Azure AI, Kroll’s methodology provides a complementary layer of defense that focuses on governance and model integrity rather than merely scaling compute resources.
Impact on Enterprise Marketing Teams
Marketing departments are among the fastest adopters of generative AI for content creation, audience segmentation, and campaign automation. The Kroll report warns that without clear policies and model‑testing regimes, these AI‑powered tools can inadvertently expose sensitive customer data or generate brand‑harmful content. Companies with mature security postures are better equipped to enforce usage policies, audit model outputs, and quickly contain any AI‑related fallout—critical capabilities for maintaining consumer trust in a data‑driven marketplace.
Path Forward: Building AI Security Foundations
- Allocate Dedicated Budgets – Shift a larger portion of AI spend toward security testing and governance. Companies with >20 % of AI budgets earmarked for security see significantly fewer incidents.
- Centralize AI Platforms – Adopt a unified AI platform strategy that includes built‑in security controls, reducing fragmented attack surfaces.
- Elevate Executive Literacy – Equip leadership with a realistic understanding of AI risks to justify investment in robust safeguards.
- Integrate AI into Existing SOCs – Leverage AI agents, like those from CrowdStrike’s ecosystem, to augment detection, investigation, and response workflows.
By embedding these practices, enterprises can transform AI from a liability into a resilient competitive advantage.
Market Landscape
AI security is rapidly evolving from a niche concern to a core component of enterprise risk management. IDC predicts that by 2028, 60 % of AI projects will incorporate built‑in security controls, up from just 15 % in 2023. Major cloud providers—Google, Amazon, and Microsoft—are rolling out AI‑specific security services, while vendors such as Adobe and Salesforce are integrating generative AI features with compliance frameworks. Kroll’s research positions the firm as a bridge between traditional cyber‑risk consulting and next‑gen AI security, differentiating it from pure‑play security firms that focus solely on threat detection.
Top Insights
- AI incidents are now mainstream: 76 % of surveyed firms experienced an AI‑related breach in the last two years, signaling a shift from isolated events to industry‑wide risk.
- Maturity cuts incident rates: Companies with high cyber maturity see a 35 % drop in AI security incidents compared with low‑maturity peers.
- Budget allocation matters: Only 13 % of AI spend is currently used for security testing; raising this to 20 % could halve breach frequency.
- Governance gaps widen attack surface: Nearly half of respondents lack formal AI governance, leaving models vulnerable to manipulation and data leakage.
- Integrated AI agents accelerate response: Partnerships like Kroll’s with CrowdStrike’s AI AgentWorks offer real‑time model‑level threat mitigation, outpacing traditional SIEM solutions.