According to Fortune, cybersecurity leaders at the Fortune Global Forum in Riyadh revealed that artificial intelligence is enabling cybercriminals to conduct “customized attacks at scale” that were previously labor-intensive. Rubrik CEO Bipul Sinha explained that AI can now automate sophisticated social engineering attacks that previously required extensive research, while Kyndryl’s Pieter Bil noted that expanding attack surfaces from IoT, cloud, and remote work create new vulnerabilities. Rapid SOS CEO Michael Martin highlighted the life-threatening consequences, citing at least four statewide 911 outages in the U.S. last year linked to cyberattacks, while hospitals face particular risk with three times more sensitive data than average organizations. The panelists suggested AI could help defenders by automating routine security tasks and potentially attracting more talent to the field.
Table of Contents
The New Attack Economy
The fundamental shift here isn’t just about better tools—it’s about changing the economics of cybercrime. Traditional cyberattacks required significant human capital: researching targets, crafting convincing phishing emails, and manually exploiting vulnerabilities. Now, artificial intelligence enables what security professionals call “mass customization”—the ability to generate thousands of unique, contextually relevant attacks that bypass traditional detection methods. This represents a complete inversion of the attacker-defender balance, where automation previously favored security teams through pattern recognition and anomaly detection.
Critical Infrastructure Blind Spots
The connection between cyberattacks and physical safety represents an escalation most organizations aren’t prepared to handle. When hospital systems go offline or 911 networks fail, we’re no longer talking about data breaches but about immediate threats to human life. The healthcare sector’s rapid digital transformation has created a dangerous gap between technological adoption and security maturity. These organizations handle incredibly sensitive data while operating with constrained IT budgets and competing priorities between patient care and cybersecurity investment.
The Talent Paradox
Sinha’s observation about cybersecurity’s talent challenge reveals a deeper structural problem in the industry. Top computer science graduates gravitate toward high-profile roles in algorithmic design and social media because cybersecurity has been perceived as maintenance work rather than innovation. The field suffers from what I’ve observed as the “alert fatigue” problem—security analysts spend their days sifting through thousands of false positives rather than solving interesting technical challenges. If AI can truly automate the “grunt work” of security operations, we might see a renaissance in security innovation as talented engineers focus on proactive defense rather than reactive monitoring.
Government’s Uneven Role
The Middle East’s proactive cybersecurity stance highlighted by Tap Payments CEO Ali Abulhasan contrasts sharply with the fragmented approach in many Western nations. While Saudi Arabia has made cybersecurity a national priority through coordinated government initiatives, the U.S. and Europe struggle with overlapping jurisdictions and competing standards. This regulatory patchwork creates security gaps that sophisticated attackers can exploit, particularly in cross-border operations. The most effective cybersecurity frameworks will likely emerge from regions that treat digital defense as critical infrastructure rather than as a corporate responsibility.
The Automation Imperative
Bil’s point about defenders needing to be “100% right” while attackers only need success once underscores why human-only defense is becoming unsustainable. The future of cybersecurity lies in AI systems that can operate at machine speed to detect and respond to threats. However, this creates its own challenges—over-reliance on automated systems can lead to new vulnerabilities, and AI-powered defense requires continuous training against evolving attack methods. The most successful organizations will likely adopt what security experts call “human-in-the-loop” systems where AI handles routine detection and response while human analysts focus on strategic threat intelligence and system improvement.
Beyond Technical Solutions
The most concerning aspect of this new landscape is that technical solutions alone cannot solve what are fundamentally human and organizational challenges. As cybersecurity careers evolve, we need professionals who understand not just technology but psychology, organizational behavior, and risk management. The companies that succeed in this new environment will be those that integrate security into their cultural DNA rather than treating it as a technical add-on. This requires rethinking everything from executive education to board-level risk oversight and creating security-aware cultures where every employee becomes part of the defense strategy.
