As organizations continue to embrace artificial intelligence (AI) to drive innovation, transform operations, and streamline decision-making, they must contend with another reality: AI is rapidly reshaping the cybersecurity threat landscape. While AI is helping CISOs improve detection and response, it’s also leading to more sophisticated cyberattacks. The same AI engines that generate valuable insights can also generate fake identities, phishing campaigns, and malware.
Wipro’s State of Cybersecurity Report 2025 accurately depicts this reality. Despite AI’s promise to strengthen security, organizations are still falling short. However, that’s not because of technology but because of accountability gaps, siloed governance plans, and poor cybersecurity awareness training. Many cyber breaches stem not from advanced adversaries alone but from human error, and underinvestment in basic cybersecurity.
The Expanding Threat Landscape
AI has changed the landscape for cybercriminals. They can now use generative models to craft personalized phishing messages, automate the creation of malware that can evade detection, and even manipulate audio and video to impersonate executives through deepfakes. These tactics are no longer limited to nation-state actors or elite hacking groups since they are accessible through open-source tools and AI-as-a-service platforms.
Wipro’s research shows that 44% of organizations now cite internal negligence and a lack of employee cybersecurity awareness as top vulnerabilities, even more than ransomware on the risk index. This shows that many businesses are not keeping pace with the evolving nature of attacks: legacy systems, outdated software, and weak patch management strategies make it easy for cybercriminals to breach networks.
Neglecting fundamental security practices is no longer an outdated or forgivable oversight — it’s a critical business risk. The rise of AI-enabled attacks only widens the gap between organizations that take cybersecurity seriously and those that do not.
Blurred Lines of Responsibility
One of the report’s key findings is the lack of clarity around cybersecurity ownership. While 53% of CISOs report directly to CIOs, the rest are scattered across various executive functions, including COOs, CFOs, and legal teams. This weakens decision-making and makes knowing who is truly accountable for security outcomes confusing.
This problem becomes more acute when AI enters the picture. The report found that 70% of European respondents believe AI implementation should be a shared responsibility, yet only 13% have a designated team overseeing it. AI adoption often proceeds without critical risk oversight without clearly defined ownership, leading to inconsistent practices, unmanaged vulnerabilities, and missed opportunities for alignment with regulatory frameworks.
IT leaders must treat cybersecurity and AI governance as strategic priorities at the executive board level. Senior executives must go beyond passive oversight and participate in tabletop exercises, scenario planning, and cyber readiness reviews. In today’s environment, collaboration, communication, and crisis management are necessary for maintaining resilience.
AI’s Role in Reshaping Security
While AI has created new threats, it also offers powerful capabilities to help organizations protect their networks. AI-driven threat detection can analyze large amounts of data in real time, reduce false positives, and identify behavioral irregularities that might indicate a breach. It can automate incident triage, accelerate response times, and help security operations centers.
According to Wipro, 93% of surveyed organizations prioritize AI for threat detection and response, reflecting organizations’ value on threat detection. This dual-use nature of AI demands a measured and responsible approach to implementation. Organizations need governance frameworks that cover model explainability, bias mitigation, and compliance with data privacy laws. Without these, AI can become an unpredictable risk rather than a tool for resilience.
Why Employee Training Still Matters
In a world of advanced AI tools, human error still remains the most consistent vulnerability in cybersecurity. Phishing remains the top attack vector for 65% of organizations. As attackers use AI to create more convincing social engineering tactics, the risk of user-triggered breaches increases.
One primary reason for this is that organizations often view cybersecurity training as a one-time compliance activity. It must be an ongoing process that evolves over time. Employees should be trained on common threats and AI-powered risks, like deepfake voice impersonation or prompt injection attacks on AI-enabled platforms. Neglected updates, unpatched systems, and reliance on legacy infrastructure remain persistent issues, and these lapses create opportunities for breaches. Training must go hand-in-hand with routine audits, patch management, and cross-departmental coordination.
To truly defend against modern threats, organizations must invest in human and machine intelligence and ensure their teams are as agile and adaptive as their technologies.
Building a Culture of Accountability
The foundation of a cybersecurity strategy isn’t technology; it’s clarity. Organizations must define who is responsible for what, establish governance structures, and encourage a security-first culture that spans all areas.
The key is to empower the CISO or equivalent IT leadership role with authority and visibility. It is wise to form cross-functional cyber risk councils, including IT, compliance, legal, and business unit representatives. Some companies are establishing board-level committees focused specifically on cybersecurity oversight.
Governance frameworks for AI deployments must include controls over training data, model deployment, access rights, and real-time monitoring. These frameworks should evolve alongside regulations like the EU AI Act and emerging industry standards for ethical AI use.
Employee education around AI must also be embedded in this cultural shift. AI security isn’t just an IT problem — it’s a shared responsibility across departments, regions, and roles. The entire company wins when everyone in the organization understands their role in protecting data and systems.
From Awareness to Action
AI is redrawing the cybersecurity landscape. Attackers are faster, more scalable, and increasingly automated. Defenders have powerful tools at their disposal, but tools alone won’t save them.
Organizations must build better governance processes, not just more powerful algorithms. This includes clarifying accountability for AI systems and possibly including AI into the cybersecurity mix.
The report sends a clear message: technology is advancing rapidly, but people, processes, and priorities are lagging. Bridging that gap is a strategic imperative, especially now as AI has come into the picture. There’s no doubt that AI will continue to transform the way we live and work. But whether that transformation strengthens or compromises your organization depends on how seriously you take accountability, starting today.
