August 12, 2025

Cyber Meets Finance

The Changing Cyber Threat Landscape: Good News or Bad News?

Cybersecurity headlines often feel like a swinging pendulum—one week there’s cause for optimism, the next week another crisis hits the news. In 2025, that pendulum is swinging in fascinating ways. The global average cost of a data breach has declined for the first time in five years (IBM reports it fell from $4.88M in 2024 to $4.44M this year). At first glance, that seems like good news. But step closer and the picture gets more complicated: in the United States, breach costs hit an all-time high of $10.22M—over twice the global average.

So, are we safer and just paying more for the breaches that do happen?


The AI Effect: Friend or Foe?

Artificial intelligence is the double-edged sword of cybersecurity—its sharp side cutting down breach detection times to a nine-year low of 241 days, its other edge just as capable of arming cybercriminals with faster, smarter tools.

AI capabilities that defenders celebrate are also available to attackers. AI-driven phishing kits, automated vulnerability scanning, and even AI-generated ransomware code are lowering the barrier to entry for cybercriminals. In other words, AI is simultaneously helping us spot attacks faster and spawn them at scale.

Global Breach Costs: A Drop That May Be Deceiving

A drop in global breach costs feels like a rare cybersecurity win. IBM attributes it largely to faster detection and more efficient responses. This is a sign that investments in security tools, staff training, and incident response plans are paying off.

However, the decline is not evenly distributed. U.S. costs went up, driven by:

  • Larger organizations being targeted (“big game hunting” by ransomware groups).

  • Massive data volumes in U.S. companies.

  • A complex web of regulatory fines, legal fees, and class-action risks that drive up post-breach expenses.

The takeaway? The global average is being pulled down by improvements in many regions, while in the U.S., breaches are less frequent but far more expensive when they occur.

Compliance & Regulation: Shield or Sword?

The U.S. regulatory environment is among the toughest in the world, with HIPAA, state privacy laws, SEC disclosure rules, and more pushing organizations toward stronger cyber hygiene. That’s arguably good news because it raises the security baseline, which in theory reduces the likelihood of a successful attack.

But here’s the twist: mandatory reporting also means we hear about more breaches, not fewer. And when breaches do happen in highly regulated sectors, the costs are magnified by fines, required victim notifications, and legal exposure. Compliance can be a shield against everyday threats, but when it fails, it can also be a sword that cuts deep into the bottom line.

Is the Threat Landscape Actually Changing?

The past three years have seen record highs in reported breaches. The Identity Theft Resource Center (ITRC) logged a 72% surge in U.S. compromises in 2023 alone. Healthcare, finance, and government agencies remained top targets. In the first half of 2025, the ITRC tracked 1,732 publicly reported data compromises, which is already about 5% higher than the same period in 2024.

While “big game hunting” is largely reserved for the big fish, opportunistic attacks affect everyone. Cybercriminals often cast wide nets, looking for the easiest way in, whether that’s an unpatched server, a stolen password, or a click on a phishing link. These low-effort, high-volume attacks don’t care about company size—if you’re exposed, you’re fair game.

For SMBs, the takeaway is that even though you may not be in the crosshairs of a sophisticated, nation-state-backed ransomware crew, you are still part of the attack surface. In many cases, smaller organizations face higher relative damage because they have fewer resources to recover quickly.

The Verdict: Mostly Gray, Not Black and White

There is real progress—detection is faster, response is better, and in many parts of the world breach costs are falling. But the most valuable targets (often in the U.S.) are still under siege, and when they fall, they fall hard. AI, compliance, and shifting attack strategies aren’t purely good or bad; they’re double-edged forces reshaping the battlefield.

For business leaders, the message is clear: treat good news as encouragement, not as a reason to relax. The threat landscape may be changing, but the need for vigilance hasn’t.

Knowing whether the threat landscape is changing is only part of the picture. ThreatCaptain helps MSPs and businesses translate cyber risk into clear financial impact, making the stakes real and the case for security investments undeniable. Don’t just read about the cyber threat landscape—understand it, measure it, and act on it with ThreatCaptain.