Attackers are moving at machine speed, defenders are still in meetings

Threat actors are using AI across the attack lifecycle, increasing speed, scale, and adaptability, according to the 2026 State of Cybersecurity report by Ivanti.

The study compares perceived threat levels across common attack types with organizational readiness to respond and identifies persistent gaps between awareness and execution across security programs.

Preparedness lags behind threat levels

Organizations consistently rate their preparedness below the threat levels they expect to encounter. 63% of respondents believe threat activity increased over the past year, while only 30% say their organization is well prepared to handle current attack types.

This gap appears across ransomware, phishing, and supply chain attacks. More advanced threats such as zero day exploits and long running intrusion campaigns show the widest preparedness gaps. Security teams track these threats closely, and confidence declines once incidents move beyond detection into response and containment.

Respondents expect pressure to increase as attacks become easier to launch and harder to attribute. Investment plans reflect this expectation, and improvements in readiness progress more slowly than changes in attacker capability.

AI use favors attackers

AI stands out as a major driver of attacker advantage. Security professionals agree that threat actors adopt AI faster and apply it more consistently across operations.

“Security leaders understand that time and people are their most valuable assets. Currently, AI tools are effective at automatically handling cyber hygiene tasks that can bog down IT teams and helping close some of the most common gaps in an organizations’ defense,” said Daniel Spicer, CSO at Ivanti.

Security professionals report steady progress in using AI for detection, prioritization, and analysis. Many also describe uneven deployment across teams and cite integration challenges and trust concerns as reasons AI tools remain underused in daily operations.

Threat actors apply AI to reconnaissance, phishing, and malicious code development. These methods support faster execution and broader reach. Security teams recognize this shift, and many describe AI programs that remain limited in operational impact.

Decision making slows response

Another major finding centers on decision making during incidents. One in three organizations reports difficulty turning security data into timely decisions. Teams collect extensive telemetry without consistent processes for interpretation and prioritization.

Respondents track vulnerabilities and misconfigurations across environments, though fewer link that data directly to risk based prioritization. Security teams often receive more alerts than they can address, which delays response and increases uncertainty during active incidents.

The research shows that organizations rely on fragmented tools to track exposure metrics. This fragmentation affects confidence in reporting and weakens communication with executive leadership.

Automation adoption remains uneven

Automation adoption concentrates in areas with predictable workflows, including parts of incident response and vulnerability scanning. More complex functions that span multiple teams and systems see slower adoption.

Respondents report stronger confidence in automation where processes are well defined. Teams struggle when automation requires cross functional coordination or data normalization across tools. These friction points slow deployment and limits consistency.

Security professionals view AI driven automation as critical for keeping response times aligned with attacker speed, especially as alert volumes increase.

Exposure management links to maturity

Organizations with more mature security programs show stronger exposure management practices. Their teams prioritize risks based on likelihood and impact and align remediation with operational priorities. Leadership involvement supports sustained investment and accountability.

Operational strain and budget pressure limit progress elsewhere, even when teams understand their exposure. The research connects stronger exposure management practices with improved resilience and reduced disruption across environments.