How to reimagine cybersecurity in the age of AI

The next generation cyber risk operations center puts risk intelligence at the center and leverages AI to orchestrate and execute responses.


In brief
  • Why are traditional cybersecurity operating models breaking down?
  • What is the role of the Cyber Risk Operations Center (C-ROC) as the new foundation?
  • What must organizations do now to prepare for autonomous, risk-driven cybersecurity?

Special thanks to Tristan Amalbert, Brandon Bapst, Zak Fargo and Gabby Knight for their contributions to this content.

The evolution of cybersecurity operations

Cybersecurity did not evolve through deliberate design. It evolved through necessity. Early security functions were fragmented and reactive, focused on protecting individual systems and responding to incidents after they occurred. As threats increased, organizations centralized monitoring and response through Security Operations Centers (SOCs), enabling scale and consistency. Over time, additional capabilities emerged:

  • Threat intelligence integration
  • Centralized tooling and analytics
  • Governance, risk and compliance (GRC) programs
  • Executive reporting and oversight

Each step improved operational maturity. Yet the underlying objective remained largely unchanged: improving security execution rather than driving action toward sustained, business‑contextual risk reduction.

Why cybersecurity needs to change now

Four converging forces are accelerating the need for change.

 

  • Speed asymmetry: Recent advances (e.g., Mythos‑class models) compress attack timelines from days/months to hours or minutes, pushing beyond traditional defensive, governance, and operating models. The mismatch between attacker speed and enterprise response has fundamentally altered the risk equation.
  • Economic pressure: Cybersecurity spending continues to grow, yet many organizations struggle to demonstrate measurable improvement in outcomes. CFOs increasingly demand clarity on whether investments are sufficient, appropriately allocated and aligned to business priorities.
  • AI acceleration: AI reduces the cost and complexity of attack development while increasing defensive complexity. Organizations must manage both external threats and internal risks introduced by rapid AI adoption. The current cybersecurity model was optimized for stability. The environment is now defined by acceleration.
  • Trust and confidence: Beyond speed, cost and AI acceleration, trust has emerged as a primary differentiator for customers, partners, regulators and investors. Cybersecurity failures erode confidence far beyond immediate financial impact, affecting brand equity, market valuation and long‑term stakeholder trust. Conversely, organizations that demonstrate disciplined, risk‑driven cybersecurity build confidence that they can operate reliably in a volatile, interconnected environment.

Reimagining cybersecurity is not primarily a technology challenge; it is an organizational one.

The structural limits to today’s cybersecurity model

Despite advances in tooling, many cybersecurity organizations still operate using assumptions established decades ago:

  • Investment decisions are frequently justified through industry benchmarks, maturity models, percentage of IT or revenue spending and historical precedent.
  • Security functions rely on periodic risk assessments, static control evaluations and reactive prioritization of alerts and vulnerabilities.
  • Chief information security officers (CISOs) spend disproportionate time defending budgets, risk ownership remains concentrated within security, cybersecurity is perceived as a cost center and business leaders lack decision-grade insight into cyber risk trade-offs.

A new operating model for cybersecurity: the Cyber Risk Operations Center (C-ROC)

The C-ROC represents a shift from cybersecurity as an operational function to cybersecurity as a Nonlinear, Accelerated, Volatile, Interconnected (NAVI) native risk intelligence capability. Designed for a NAVI world, the C‑ROC enables organizations to sense, interpret and act on risk continuously — rather than relying on static plans or delayed reactions. The C-ROC integrates:

  • People: clear decision rights and accountability
  • Process: continuous risk-driven workflows
  • Technology: integrated security and risk data
  • Data: quantitative and qualitative risk intelligence

Reimagining cybersecurity in the age of AI

A built-in AI approach recognizes that AI changes four fundamental dimensions of cybersecurity.

The north star: autonomous, risk-driven cybersecurity risk management

The objective of modern cybersecurity is not eliminating risk but managing it continuously and transparently at enterprise speed. A mature C-ROC enables:

  • Continuous risk sensing and prioritization
  • Risk-aligned orchestration of remediation and response
  • Faster escalation and disclosure decisions
  • Resilience through informed trade-offs

This future is emerging today, but it requires intentional redesign rather than incremental improvement.

Summary

Cybersecurity must evolve from reactive defense to enterprise risk enablement. The C-ROC represents an opportunity to align cybersecurity with business decision-making, enable intelligent automation and prepare organizations for a future where speed, intelligence and adaptability define resilience. In a world that is NAVI, incremental adaptation is no longer sufficient. Organizations must intentionally design cybersecurity operating models that are resilient to uncertainty, capable of rapid recalibration and aligned with business decision-making at speed. Organizations that act early will not only reduce risk more effectively but also gain the clarity and speed required to compete in an increasingly uncertain environment.
