Balancing AI & Automation Speed with Security

Artificial Intelligence (AI) is transforming cyber security. Tasks that once absorbed analysts for hours can now be automated in minutes. Threat detection, once limited by human stamina, is being accelerated by algorithms capable of scanning vast datasets in real time. The upside is obvious: faster triage, earlier detection and more efficient use of scarce skills. But the same technology is also in the hands of attackers who are using AI to generate realistic phishing campaigns, deepfake identities and automated reconnaissance.  

Watch this 1 minute 11 seconds clip to see how organisations are using AI to their benefit while keeping security at the forefront

The reality for mid-market firms 

The UK government’s Cyber Security Breaches Survey shows that 67% of medium-sized businesses reported a cyber attack in the last year, with phishing the most common and disruptive method. Mid-market firms sit in the crosshairs of these attacks. They are too large to fly under the radar, yet too lean to run enterprise-grade security teams. When the skills or resources are not there, any gaps show up quickly in delayed responses and misconfigured defences. 

The challenge is being compounded by a new wave of AI-driven threats. Research by SecurityBrief UK found that 62% of UK CISOs now see AI-based risks as their biggest concern for 2025. Indeed, the World Economic Forum has warned that both state-backed and criminal groups are already using AI to enhance cyber campaigns.  

Speed creates blind spots 

At Infosecurity Europe earlier this year, I spoke with businesses who feel the impact daily. Waseem Raad, Head of Information Technology at Lightrock, said,“Everyone wants to use AI but no one stops to ask if it’s secure. The real challenge is finding the balance between collaboration, productivity and protection.”  

The same pressure points kept coming up: shadow AI in collaboration tools, models trialled without review, sensitive prompts shared in public channels. Above all, identity signals are scattered across systems so security teams cannot see who is doing what, on which device, with which data and for what purpose. When that context is missing, policy becomes a best guess and response slows to a crawl. 

And it’s not just what our employees are doing, attackers are not just automating old tricks, they are inventing new ones. Generative models allow phishing attempts to be customised with near-perfect grammar and tone, stripping away the obvious red flags employees once relied on. Deepfakes add a layer of social engineering that makes fraud far harder to detect.  

Identity beats perimeter 

The answer is not another perimeter control. It is a shift in focus to identity and intent so access decisions are based on the user, the device posture and the sensitivity of the data, evaluated continuously rather than at a single login. That approach turns AI from a source of new blind spots into a way to enforce policy at speed and at scale. 

William Wilson, Head of Threat Protection and Governance at Altum Group, summed up the mindset shift:“As AI reshapes how attacks work, we have had to shift our thinking and approach.Perimeter-based security is not enough. Identity and intent-aware defences are where the battle is moving.” In practice, that means continuous evaluation of who the user is, the health of the device and the sensitivity of the data being accessed, with policy decisions enforced automatically.

The question is how mid-market firms can achieve this when their resources are already stretched? 

Five practical steps 

From my conversations with peers and customers, five priorities stand out for any mid-market firm looking to put AI to work securely:

1. Start with identity and data Map critical identities, devices and data. Enforce conditional access and apply data classification so controls can act automatically. When identity, device health and data sensitivity are evaluated together, decisions are faster and safer.
2. Automate containment first. Automate containment of risky sessions, devices and tokens. Keep people in the loop for exceptions. This reduces alert fatigue, shortens dwell time and lowers impact.
3. Tune your models. Retrain detection models against current phishing and compromise patterns. AI-assisted attackers iterate weekly, so your defences must too.
4. Prove governance. Run Data Protection Impact Assessments (DPIA) where AI uses personal data. Document training sources, retention and access. Align with ICO and EDPB guidance. This is not paperwork, it is what keeps AI deployable in production.
5. Measure what matters. Track detection and containment times, auto-remediation rates and analyst workload reduction. Link these to board-level risk metrics and insurance posture highlighting progress and identifying areas for further consideration.

One business already taking this approach is Hollywood Bowl. Dan Burborough, Head of IT Security, told me: “AI hasn’t replaced our analysts but it’s saved them a ton of time. They spend far less time triaging and more time solving. That’s where AI earns its keep.” 

The balanced path forward 

AI is now inseparable from cyber security. Used well, it reduces breach costs, shrinks detection windows and gives analysts the breathing space to focus on higher-value work. Used poorly, it creates blind spots, brittle processes and compliance headaches that attackers will exploit. 

The organisations that succeed will be those that treat identity as the new perimeter, automate containment where possible and embed governance from the start. The balance is not about choosing between speed and safety. The real art is striking a balance where AI delivers speed without sacrificing security and that is what every mid-market firm must now master.