Published October 2025

Executive summary

AI is no longer a future disruptor – it’s a present reality. But as adoption accelerates, trust in AI outputs is eroding. Organizations realize that without strong governance, resilient data strategies, and a commitment to quality, AI can just as easily become a liability as a competitive advantage.

Building on AvePoint’s 2024 report, the 2025 report tracks the evolution from AI experimentation to enterprise-wide enablement. The findings revealed that despite widespread AI adoption efforts, critical operational gaps persist around data security and quality, with these foundational issues delaying AI rollouts by up to a year for three-quarters of organizations.

Key takeaways:

• AI rollouts stall before takeoff. 86% of organizations delayed AI deployments by up to a year due to security and data quality concerns.
• AI security incidents are too common. 75% experienced at least one AI-related breach in the past year, primarily due to oversharing sensitive employee or customer data.
• AI data frameworks exist – but fail to deliver. While 90% of organizations claim to have an information management framework, only 30% say it classifies and protects data effectively.
• AI training alone won’t fix trust. 99.5% have invested in AI literacy, but inaccurate outputs and hallucinations still erode employee judgment and decision-making.
• AI customer impact falls short. Organizations say enhancing customer insights and personalization is their top AI goal – yet there is a 5.8% gap between what they hope to achieve and what they actually do.

Published April 2025

Executive summary

Over the last 12 months, there is one word that best describes the cyber threat landscape: velocity.

The speed of cyber threats created an urgent and pressing need for CISOs to respond, as cybercriminals continued to leverage generative AI to increase the volume and velocity of attacks, leaving enterprises on the defense against increased threat activity.

In response, enterprises are prioritizing strategies to respond to threats, invest in security tools, mitigate the cybersecurity skills gap and integrate AI responsibly.

In fact, threat actors are now breaking out into networks faster than ever, according to CrowdStrike, with adversaries moving laterally across a compromised network in 48 minutes on average, with 51 seconds breaking the all-time low record as the fastest time ever recorded.

Security leaders expressed serious concerns that “if we fail [to adapt] … the losses will be immeasurable.”

High-profile breaches and zero-day exploits continue to dominate headlines, while enterprise security teams remain under-resourced from a team, technology and budget standpoint. This forces organizations to make strategic investments to combat the speed, scale and complexity of attacks. The good news? It seems to be working.

AI is both cybersecurity’s biggest threat and most promising savior. Three of the top six challenges related to AI this year, lead by AI-driven cyber attacks (#1), in addition to AI defenses (#5) and generative AI (#6). On the defense side, 77% of CISOs were confident in the future potential of AI to improve their security posture this year, with 75% of firms expressing interest in leveraging AI agents to automate SOC investigations using AI agents by triaging large volumes of security alerts.

As AI dominates both sides of the threat landscape, Scale Venture Partners conducts ongoing research to understand CISO challenges and evolving security solutions. Now in its 12th year, this year’s report consolidates perspectives from CISOs, CIOs, VPs, directors, and IT managers.

Scale Venture Partners commissioned Everclear Marketing and Osterman Research to conduct a survey of 301 security leaders in the United States who are responsible for buying decisions, the success of security deployments, or the overall security of the company.

See also:

• Scale VP’s blog post on the 2025 report.

Published March 2025

Executive summary

Organizations across the world face relentless growth in cyberthreats, as criminal groups leverage new technologies for malicious ends. The application of AI for offensive cyberthreats has threat actors rubbing their hands in glee, and organizations are racing to fight emerging offensive AI with defensive AI. In most years, we see continued evolution in the design of new types of attacks and threats – with recent explorations by threat actors focusing on MFA bypass in phishing attacks, new types of BEC attacks, QR code phishing, and early forays into deepfakes. Incidents and data breaches usually follow.

This research study investigates the on-the-ground cyberthreat realities for firms with up to 1,000 employees. We surveyed 252 organizations in the United States, Canada, United Kingdom, and the European Union.

Discover the latest email security attack trends, new and emerging tactics, and real-world experiences from IT professionals.

Key findings include:

• Half of organizations experienced between two and four types of incidents during the previous 12 months.
• 64.3% expect the threat level of phishing attacks against their organization to rise this year.
• One in five organizations lost money through a business email compromise attack over the previous 12 months.
• 56.3% of respondents anticipate that the threat level of BEC attacks against their organization will increase in 2025.
• Offensive AI used by threat actors enables cyberattacks to become more sophisticated, voluminous, unique, and evasive.
• AI is the emerging innovation that respondents say offers the greatest potential boost to email security at their organization over the next 12 months.
• With continued degradation in the threat landscape anticipated over the next 12 months, organizations that don’t improve their readiness and defenses will be in a progressively worse position over time.

Published November 2024

Executive summary

The cyberthreat landscape is transforming rapidly as threat actors exploit artificial intelligence (AI) to drive attack sophistication and evasion techniques. As a result, security leaders are increasingly turning to AI-powered defensive tools to effectively combat the growing volume and sophistication of AI-enabled attacks.

This report explores the evolving use of AI in both offensive and defensive cybersecurity operations, providing actionable insights based on recent survey data from 125 security leaders in the United States. Three conclusions stand out:

• AI is already a key enabler of advanced cyberattacks. Attackers are leveraging AI to automate and scale attacks, increase the evasion of current security controls, and accelerate attack velocity. Generative AI in particular is giving attackers the ability to create highly targeted, polymorphic phishing campaigns and more sophisticated malware strains that evade detection.
• Defenders are moving quickly but face challenges. While 80% of security leaders agree that AI is essential for countering malicious AI, the deployment of effective AI defenses remains uneven. Defensive AI technologies like behavioral analysis and semi-supervised machine learning are gaining traction, but cybercriminals maintain a clear lead in areas like generative adversarial networks (GANs).
• AI’s impact on cybersecurity professionals is transformative. AI offers the potential to automate routine tasks, freeing cybersecurity professionals to focus on strategic initiatives such as threat hunting, incident response, and defense hardening. However, there is still work to be done in integrating AI into a cohesive long-term cybersecurity strategy, with only 70.4% of leaders ranking strategic alignment as a high priority.

Request a copy

Published August 2023

Executive Summary

Email is one of the most common ingress points into organizations for threat actors. As organizations have implemented email security solutions and trained employees to recognize email attacks, threat actors have pivoted to more advanced methods that bypass protections. They have also embraced artificial intelligence (AI) to make attacks more scalable and personalized while also less detectable. 

Email security vendors are using AI in their defensive tools to stop attacks that leverage new and emerging attack methods in email. Many organizations have gained AI-enabled protections by virtue of their incumbent email security vendors adding AI capabilities to strengthen defensive posture. In addition, most have gone shopping for new solutions offering AI to bolster the baseline protections offered by cloud email providers. 

When purchasing AI-enabled solutions to strengthen email security, organizations want the ability to protect more than just email, automated mitigation and remediation of identified threats, and next-generation capabilities to safeguard employees, the organization, and its customers, suppliers, and business partners.

Request a Copy