Integrating AI into business security operations
AI is gradually becoming an indispensable component in business cybersecurity operations. According to Kaspersky's 2026 global study, nearly 100% of organizations in the Asia-Pacific region (APAC), including businesses in Singapore, Indonesia and Vietnam, plan to apply AI to business security operations.
This trend also reflects how security solution providers are integrating AI into operating procedures to speed up threat detection, reduce the workload for analysts and respond to attacks that occur faster than human processing capabilities. On the contrary, cybercriminals are also taking advantage of AI to automatically collect target information, create increasingly convincing fraudulent content and expand the scale of attacks that previously required a lot of resources as well as technical expertise.
This is the biggest challenge. Almost every AI capability that cybersecurity companies can exploit can be used or adjusted by cybercriminals for attack purposes.
According to Kaspersky data, 21% of organizations believe that cybercrime is dominating the technology race, while 43% believe that bad actors are capable of quickly applying new technologies such as AI to increase attack efficiency.
Therefore, cybersecurity managers need to clearly understand how cybercriminals are taking advantage of AI to serve attacks. At the same time, businesses should prioritize security solutions that integrate AI into daily system protection operations and consider the deployment of AI as a strategic decision, similar to investing in core technology infrastructure.
Deploying AI in cybersecurity infrastructure: Challenges and important steps
According to Kaspersky's 2026 global survey, almost every business in Southeast Asia planning to build a Network Security Operations Center (SOC) within the next two years plans to integrate AI into its operations. However, bringing AI into the network security infrastructure is not only a technology problem but also entails many organizational and technical challenges.
Data quality and data collection scope: The effectiveness of AI in detecting and analyzing threats largely depends on the quality of input data. If data is stored discretely in many different systems and is not connected, AI will have an incomplete view of the entire system, thereby reducing the ability to detect and analyze threats.
Therefore, businesses need to prioritize focusing data from terminals, identity management systems, cloud environments and network infrastructure on a unified platform before applying AI to analyze the link between unusual signs and detect attacks.
Integration capability and total ownership cost: When evaluating an AI application security solution, businesses should not only rely on the number of features. More importantly, the platform can centralize data from multiple sources, limit manual operations when working on multiple different tools, and reduce the workload for the operating team to what extent.
Changes in skills and management gaps: If AI tools require security experts to perform many complex technical configurations, it may cause network security teams with limited resources to face more difficulties instead of helping to narrow the gap in capacity. Meanwhile, the most effective AI solutions are those that are directly integrated into the working process of security experts.
