AI tops the list of cyber security concerns for the first time this year, according to the Arctic Wolf State of Cybersecurity: 2025 Trends Report.
This emerged during a webinar hosted by Arctic Wolf in partnership with ITWeb this week.
The latest Trends Report found that AI has toppled ransomware as the leading cyber security concern in organisations around the world, that most organisations suffered a significant cyber attack in the past year, and that more organisations are looking to incident response retainers to help improve their resilience.
Analysing the report findings, Jason Oehley, regional sales director at Arctic Wolf, and Andre den Hond, Senior Systems Engineer at Arctic Wolf, said a key reason that AI now topped the list of concerns was its rapid evolution.
Den Hond said: "The speed of AI innovation and evolution is causing a lot of uncertainty. It's also lowering the barrier for entry for attackers, making it easier to carry out social engineering attacks, perform research on targets, build phishing e-mails and also to script, amplify and automate the attacks. It’s allowing less sophisticated attackers to carry out the attacks.”
Key cyber security findings
Den Hond noted that AI was one of four key themes that emerged in the report. “The rise of AI has positive and negative aspects – it can improve cyber security and also be used by threat actors, while AI itself exposes new vulnerabilities. The other key themes were a lack of broad visibility, organisations starting to invest in improving security posture on an ongoing basis, and organisations making use of incident response retainers. In some instances, they have exercised those retainers multiple times within a year,” he said.
Oehley said: “The report found that 52% of the organisations surveyed had a breach, and equally concerning was the finding that 23% were unsure of whether they had been breached at all, indicating that they lacked visibility and detection capability. Around 70% of organisations confirmed that they had experienced a cyber attack in 2024, with malware and business e-mail compromise attacks the most prevalent at 35% each, followed by ransomware – accounting for 23% of the attacks. Sixty-four percent of significant cyber attacks led to a loss of productivity for at least three months, while 24% resulted in productivity losses for six months or more.”
Oehley said the median ransomware demand in South Africa rose sharply from R3 million in 2024 to R17 million in 2025. Most organisations paid some form of ransom, most used the services of professional ransomware negotiators, and 52% of those who went this route said doing so reduced the ransom.
Addressing key concerns
Oehley and Den Hond outlined how Arctic Wolf helps customers mitigate risk and improve their cyber security posture, using AI to enhance its capabilities.
Oehley said: “It is important not to confuse a platform approach to cyber security with a portfolio of products. Arctic Wolf is different in that our platform approach has security operations at its core with layers built on top of it, including the Aurora platform, our Concierge service, MDR, IR and other services, Aurora endpoint security and Alpha AI engine, to add value to our security operations approach.”
“Arctic Wolf’s open platform provides broad visibility via XDR to move customers from reactive mode to proactive mode,” he said. “It allows us to unify the attack surface and give customers visibility and flexibility. Our Concierge Security Team trusted advisors work with customers on a tailored security journey, with planned engagements, resiliency assessments, in-depth reviews, strategic security advice, compliance support and post-incident follow-up.”
He added that traditional incident response retainers were no longer enough: “The traditional approach is a ‘use it or lose it’ scenario with associated cost uncertainty. It can take 400 to 450 hours to recover effectively from an attack, which can prove costly when many organisations need incident response support more than once a year. Arctic Wolf has launched three solutions that overcome these challenges – JumpStart retainer, which guarantees a lower than average IR hourly rate; The Incident360 retainer, which covers a full incident – including forensics, threat actor communication and remediation; and Incident360 Plus retainer, which also includes incident readiness services.”
Den Hond highlighted Arctic Wolf’s approach to AI: “Arctic Wolf supports customers with our Alpha AI threat identification, AI powered SOC and AI Concierge. Our strategy is to use AI in threat detection and response in our platform. We also use it extensively in our endpoint solution, and we have agentic AI built into our SOCs to accelerate investigations and automate specific tasks. To build reliable AI, you need massive amounts of data, and our Aurora platform takes in over 7 Petabytes of data a week. We also use security experts to train the models, and this is where our SOC and security services teams come into play. Our data scientists at Arctic Wolf labs leverage intelligence from the customer base to build protection back into the platform.”
Share