“Cyber is broken”: AI has highlighted the limits of detection

Companies are investing heavily in cybersecurity, but despite better visibility and advanced tools, the expected protection has not materialized.

For more than a decade, cybersecurity has revolved around the same goal: detect earlier, detect faster, detect everything. Companies have increased their investments in security operations centers, monitoring, behavioral analysis and AI-assisted detection, believing that better visibility would ultimately translate into better protection. This was not the case.

Despite record spending, data breaches continue to grow in size and speed, with increasingly significant operational impacts. Detection capabilities have improved significantly, but operational control measures have not kept pace. Artificial intelligence now makes this imbalance impossible to ignore.

Detection is no longer the difficulty. Speed is

Today, most organizations are confident that they can detect suspicious activity within their environments. The problem is what happens next.

Almost all companies believe they can identify unauthorized lateral movements within their information systems, but almost one in two admit to having difficulty stopping them quickly*. In other words: we know how to identify the incident, but we still struggle to limit its impact.

For many French companies, this difficulty is no longer solely a technical issue, but a direct business risk affecting business continuity, production, supply chains and even customer relations.

This gap between awareness and action has existed for years. What has changed is the speed at which it is now exploited.

AI accelerates attacks beyond human response cycles

Artificial intelligence is often presented as a future risk. In practice, it is already transforming the way attacks take place. A recent report shows that the average time between initial access and lateral movement is now 29 minutes. In the fastest case: 27 seconds.

By automating reconnaissance, accelerating decision-making, and testing multiple pathways simultaneously, AI allows attackers to detect and exploit vulnerabilities faster than response processes that depend on human intervention can react. The result is a considerable mismatch. Security teams still rely on investigation cycles, validation procedures and manual interventions, precisely when attacks no longer wait. What was once a race against time measured in hours is now increasingly played out in minutes, even seconds.

In this context, detection alone loses a large part of its protective value.

The figures observed in France are already worrying. Only a minority of organizations are able to isolate a compromised workload in near real time. Conversely, the majority of them still need several hours, or even several days, to intervene effectively. And that’s before we even really begin to see the impact of cutting-edge AI models. However, it is precisely during the period between the moment the threat is detected and the moment it is stopped that the most serious damage occurs.

Lateral movement: the risk multiplier for the company

We hear a lot about the new cyber risks linked to AI. In reality, the fundamentals of the attacks have not changed.

Most major breaches do not become a disaster at the time of intrusion. They become catastrophic when attackers move laterally across networks, reach critical systems, steal sensitive data, disrupt operations or block infrastructure. Every additional minute increases the risk of operational paralysis, data exfiltration or extortion. Each additional system hit increases the operational, financial and reputational impact of the incident.

Once inside, attackers continue to rely on the same access routes: trusted connections, excessive privileges, poorly understood dependencies between systems. In environments designed around perimeter assumptions, this movement remains dangerously easy.

Rethinking security in the age of AI

Cybersecurity is entering a phase where performance can no longer be measured solely through detection metrics. The determining question now becomes: to what extent is an organization capable of preventing an intrusion from becoming systemic?

The organizations that will best withstand this new phase will not necessarily be those with the largest security budgets or the most sophisticated dashboards. They will be those who accept that compromises are inevitable and design their architectures accordingly.

For French companies, this also involves rethinking certain investment priorities: network segmentation, identity and privilege management, isolation of critical assets and automation of containment mechanisms.

Artificial intelligence has ended the possibility of slow responses and revealed the limits of security models that rely more on observation than on controlling attacks. Until containment is treated as a fundamental design principle, the imbalance between attackers and defenders will continue to widen.

In the age of AI, detecting an attack is no longer the goal. The goal is to prevent its spread.

For decision-makers, the challenge is therefore no longer just to strengthen detection, but to build architectures capable of absorbing a compromise without tipping into a systemic crisis.
