Almost All Organizations Hit by Digital Attacks Believe It Was Preventable

Cybersecurity continues to be a major business concern, and information technology decisionmakers shared that the problem is daunting, but solvable. Swimlane Inc., a company that works on agentic artificial intelligence security solutions, surveyed 500 IT and cybersecurity decisionmakers at enterprise companies with at least 1,000 employees in the U.S. and U.K., finding that 66% of respondents had faced a cybersecurity incident in the past year.

Of those, 92% said better security measures could have prevented the incidents. Swimlane’s report, “Cracks in the Foundation: Why Basic Security Still Fails,” found approximately one in seven businesses (15%) said they were “leading” in “cyber hygiene.” More than half of respondents (52%) said employees were the weakest part of their cybersecurity, lacking proper training and awareness.

Employers also came up lacking, as only 32% of respondents said their C-suite prioritized “cyber hygiene” and resilience. Even IT specialists took missteps, as two-thirds of respondents audited user access less frequently than every three months, and 64% did not continuously assess vendor and supplier security after onboarding. When applying critical patches, 73% of surveyed businesses took longer than one day, and one-quarter took between eight and 30 days.

Swimlane, which sells automated AI cybersecurity tools, found in the study that 84% of respondents said AI tools improved “cyber hygiene,” and 64% said they helped increase the company’s focus on cybersecurity. In a separate study of 304 U.S. and Australian business-to-consumer companies, Arkose Labs found that eight in 10 respondents said AI improved their cybersecurity, and companies spent an average of one-third of their cybersecurity budgets on AI.

While Arkose Labs found that more than half of surveyed businesses were using agentic AI, seven in 10 respondents felt that agentic AI will create fundamentally new security risks. About the same proportion of respondents (71%) said it was critical to develop the capability to distinguish between human and AI agents.