The size of the worldwide market for artificial intelligence was valued at $136.55 billion in 2022. This is expected to grow to $1,811.75 billion by 2030, expanding at a compound annual growth rate (CAGR) of 37.3% between now and the start of the next decade, according to figures from a study published by Grand View Research.
The share of this vast AI market that relates to cybersecurity is not insignificant. In 2022, the global artificial intelligence in cybersecurity market was valued at $16.48 billion. It is expected to expand at a CAGR of 24.3% from 2022, reaching $93.75 billion by 2030, according to another study published by Grand View Research.
Artificial intelligence’s ability to process large volumes of data is one of its many advantages. It can not only detect threats on a broad cross-section of information system components, including emails, visited websites, third-party applications and shared files, but it can also identify anomalies on network data flows.
AI is also adept at identifying links between different data sources. This saves cybersecurity analysts valuable hours spent on time-consuming tasks. It provides support to teams dealing with a high volume of alerts, a scenario that significantly complicates their decision-making.
Leveraging AI in cybersecurity typically means that IT departments can manage a greater number of threats more effectively. For example, automated tagging can dramatically simplify the management of each individual threat. In addition, the machine learning algorithm can solve some of the problems itself.
Lastly, with over 14 billion connected objects in 2022, a figure 18% higher than in 2021 according to IoT Analytics, IoT security could also benefit from support provided by artificial intelligence, especially given the sheer size of the area to be protected and the huge diversity of devices.
Machine learning and deep learning
Machine learning is the predominant artificial intelligence technology used in cybersecurity solutions. It made up almost half (46.8%) of the technologies implemented in 2021, according to Grand View Research. Machine learning uses existing behavioural patterns to make decisions based on data and previous conclusions. Human intervention is still required to implement changes. It is suitable for use in suspicious event detection, biometric access control and incident response, for example.
The use of deep learning, a sub-field of machine learning, is also on the rise. AI specialists create neural networks modelled on how the human brain works. These networks are then trained using large databases and can learn – over time – to identify malicious code.
“We have been using machine learning, and more specifically deep learning, for many years. Even though these technologies are very fashionable at the moment, they have been implemented in our applications for a long time, mainly in our server security solutions (Endpoint), in our endpoint detection and response (EDR) and extended detection and response (XDR) solutions, and in the detection part of our Cloud solutions at the infrastructure level,” says Thierry Gourdin, Pre-Sales Director at Kaspersky France & North, West and Central Africa.
In cybersecurity solutions, AI also needs to be fed with a lot of data sets to work properly. “We are fortunate to have the Kaspersky Security Network, which is one of the largest databases of both healthy (6.2 billion) and malicious (1.9 billion) objects. This database categorises objects according to how dangerous they are and what they do. Using this database, but also using behavioural models of known malware actions, our algorithms learn to detect new behaviours,” adds Gourdin.
The financial sector and central government agencies waiting in the wings
Among the segments most eager to use artificial intelligence in cybersecurity solutions, the enterprise segment unsurprisingly comes out on top with a market share of 23.5% in 2021, according to Grand View Research. However, the banking, financial services and insurance (BFSI) sector could emerge as a major market for cybersecurity AI to prevent data leaks, resist cyberattacks and bolster security.
“The wave of innovations and technological advances has brought a paradigm shift in making payments, purchases, applying for loans and withdrawals to crowdfunding. Furthermore, banks and financial institutions are likely to count on the zero-trust model for hardware to boost threat intelligence-based actions,” reads the Grand View Research report.
The central government sector is also showing an increased appetite for artificial intelligence following an increase in cybersecurity incidents. In its Cyber Threat Overview 2022, the French National Cyber Security Agency (ANSSI) warns that attacks are becoming increasingly sophisticated. “The convergence of tools and techniques used by different attacker profiles also continued in 2022. The use of ransomware by state-sponsored attackers highlights the porosity between different attacker profiles. Their use for destabilisation purposes in the context of sabotage operations actually materialised in 2022 and further disrupts the characterisation and attribution of malicious activities,” reads the report.
More generally, the cybercriminal threat, and more specifically the threat from ransomware, persists in France, with a resurgence of activity at the end of 2022. It particularly affects VSEs, SMEs and MSEs (40% of ransomware dealt with or reported to ANSSI in 2022), local authorities (23%) and public health institutions (10%). This must not detract from other types of cybercriminal activity such as cryptomining. Cryptomining has become more covert than in the past and generates significant funds that threat actors can reinvest to acquire new capabilities.
The use of artificial intelligence in cybersecurity solutions continues to grow year on year. The need for this is heightened by the rapid progress of AI in other areas. This is particularly the case for language models such as ChatGPT, developed by OpenAI.
These tools are likely to be very helpful to hackers, providing them with texts that can be used for phishing operations or with source code that can be easily exploited, for example. This expands the scope of the threat by providing new opportunities for unskilled cybercriminals.