Cyber threats are now evolving in minutes, not months or days, forcing businesses to rethink cybersecurity as a core strategic function rather than a back-end technical concern, it was learned recently.
At a roundtable hosted by Palo Alto Networks, its executives warned that artificial intelligence (AI) is dramatically accelerating how cyberattacks are created and deployed, exposing a widening gap between threat speed and organizational readiness.
Data presented during the discussion showed that the time required to develop and launch ransomware has dropped from nine days to just 15 minutes.
Meanwhile, the window from initial system compromise to data exfiltration has narrowed to as little as 25 minutes, with vulnerabilities often exploited in under an hour.
This compression of time is reshaping how businesses must approach risk.
“Cybersecurity is no longer just an IT concern. Before, it was a topic for the CISO (chief information security officer) and CIO (chief information officer), but at this point in time, it needs to be a discussion at the board level and across the C-suite. It is a business priority, a national resilience issue, and ultimately, a matter of public trust,” said Bernadette Nacario, Country Director for the Philippines.
Despite the urgency, only 6% of organizations have established a robust AI security strategy, underscoring how unprepared many firms remain for AI-driven threats.
Industry leaders said this gap reflects a deeper issue: Cybersecurity is still often treated as a reactive function rather than a built-in component of digital transformation.
“Secure AI by Design means ensuring that as we integrate AI into digital transformation, security is built in from the start – not added later,” said Nicole Quinn, Vice President for Policy and Government Affairs for JAPAC (Japan and Asia Pacific).
The implications extend beyond corporate risk to national resilience.
As more services move online, experts stressed that stronger coordination between government and the private sector will be essential, with agencies such as the Department of Information and Communications Technology (DICT) playing a central role in safeguarding critical infrastructure.
Tom Scully, Principal Architect for Government & Critical Infrastructure for JAPAC, pointed to another structural weakness: fragmented security systems.
“Today, many operate with dozens of disconnected tools that don’t communicate with each other, making it difficult for AI to analyze data, generate insights, and respond to threats in real time,” Scully said during the roundtable.
“To keep pace with AI-driven threats, organizations need to be significantly faster and more coordinated. A platform approach to security, combined with AI-powered tools, allows defenders to operate at the speed required to counter modern threats proactively,” he added.