Agentic AI Delivers Millions in Cybersecurity Savings and Enhanced Protection

A recent study by professional services firm EY reveals that organizations are increasingly turning to agentic artificial intelligence to scale their cybersecurity operations, resulting in significant cost savings and enhanced efficiency. As cyber threats become more sophisticated, often leveraging AI themselves, businesses are finding that traditional security measures are no longer sufficient.[1][2] This shift towards AI-powered defense mechanisms marks a pivotal moment for the cybersecurity industry, with Chief Information Security Officers (CISOs) leading the charge in adopting these advanced automated systems.[3] The research highlights a clear trend: companies that integrate AI deeply into their cybersecurity frameworks are not only better protected but are also unlocking substantial financial and operational benefits.[4][5]

The 2025 EY Global Cybersecurity Leadership Insights Study, which surveyed 550 C-suite and cybersecurity leaders, found that simplification and automation in cybersecurity have led to a median annual cost saving of $1.7 million per organization.[4][6] These savings are just the beginning, with expectations for rapid growth as AI programs mature.[6] Agentic AI, a more advanced form of artificial intelligence capable of autonomous, goal-directed behavior, is at the heart of this transformation.[7] Unlike traditional AI that relies on predefined rules, agentic AI can independently manage security objectives, orchestrate various tools, and adapt to evolving threats in real-time without constant human oversight.[7] This allows for the automation of complex, multi-step workflows, from threat detection all the way to resolution, significantly reducing the time it takes to neutralize a threat.[4][6] For instance, technologies like Crowdstrike's Charlotte AI can handle the entire incident response process without human intervention.[4][6] This level of automation is crucial in an environment where security teams are often overwhelmed by a high volume of alerts and a growing number of security tools, with organizations using a median of 35 different tools.[6][2]

The study further quantifies the value cybersecurity brings to broader business initiatives. It found that the cybersecurity function contributes between 11% and 20% of the value, or a median of $36 million, to each enterprise-wide strategic initiative it is involved in.[4] This includes areas like adopting new technology, strengthening brand trust, and developing new products.[4][6] The research identified a group of high-performing organizations, dubbed "Secure Creators," which comprised 47% of the survey sample.[6] These organizations are characterized by their advanced cybersecurity functions and their early and deep involvement in key business initiatives.[4][6] Secure Creators were significantly more likely to assist other business functions in implementing AI (48% vs. 31% of their peers, "Prone Enterprises") and had a more positive impact on their brand's external perception (72% vs. 56%).[4][6] This demonstrates a shift in the CISO's role from a technical practitioner to a strategic business executive.[4] However, a disconnect remains, as only 13% of CISOs report being consulted early in urgent strategic decisions, and cybersecurity budgets have seen a decrease as a percentage of annual revenue.[6]

Despite the clear benefits and a strong push towards adoption, challenges remain. A significant hurdle for many CISOs is articulating the value they provide beyond simple risk mitigation, with 58% finding this difficult.[6] Furthermore, while the adoption of agentic AI is accelerating, with one EY poll showing about 48% of tech leaders have started deploying it, there is a concerning gap in understanding the associated risks.[8][9] Only 56% of companies felt moderately or fully familiar with the risks of agentic AI, which include prompt injection, data poisoning, and bias.[8] The rapid pace of AI implementation is outstripping the development of governance and security controls in many organizations.[8] This underscores the need for robust AI governance frameworks and for CISOs to proactively lead the conversation on secure AI adoption, ensuring that security measures are integrated from the very beginning of the AI lifecycle.[3][10][11]

In conclusion, the adoption of agentic AI in cybersecurity represents a paradigm shift, offering a powerful solution to the escalating complexity and volume of cyber threats.[1][12] The EY study provides compelling evidence that organizations leveraging this technology are not only realizing millions in cost savings but are also enabling greater business value by allowing cybersecurity to function as a strategic partner rather than a cost center.[4][6] The path forward requires CISOs to not only be technology leaders but also skilled communicators who can articulate their strategic importance and guide their organizations toward a secure and innovative AI-powered future.[10][4] As companies continue to navigate the dual opportunities and threats presented by AI, the role of the CISO in championing secure and responsible AI adoption will be more critical than ever.[3][11]