Jan Lane: why AI threats are undermining cyber defense even with companies' record budgets

Companies spend more and more on cybersecurity, but this does not guarantee real protection. Founder of Visio Cyber AI Jan Lane believes that in the era of AI threats, business loses not due to a lack of solutions, but due to the absence of clear strategy, poor integration, and overloaded teams.

The Illusion of Protection

On the surface, the picture looks convincing: global cybersecurity spending in 2026 should exceed $522 billion. But in parallel, damage from cybercrime is also growing — it could reach $10.5 trillion per year. According to Jan Lane, this gap reveals an uncomfortable truth: budget growth by itself does not make companies more resilient.

Business buys new tools, expands the stack, signs contracts with vendors, but then discovers that in a critical moment it cannot see the big picture and reacts too slowly. Lane says that in many companies, protection becomes a collection of poorly connected products.

Each tool produces its own signals, alerts, and reports, but they do not add up to a single decision-making system. As a result, teams look at infrastructure through separate 'windows' rather than a unified panel. This creates a false sense of control: it seems that protection is stronger because there are many tools, although in practice they create fragmentation and competing noise.

Noise Instead of Response

This is most painfully evident in security operations centers. Analysts receive thousands of alerts daily, and a significant portion of them turn out to be false positives or low-priority events. Lane emphasizes that the problem is not with the alerts themselves: alerts are necessary and show that security measures are working. But when there are too many signals, the team stops distinguishing between an urgent threat and background noise, and truly dangerous incidents risk getting lost in the overall flow.

According to Lane, this noise is not due to random failures, but to a repeated and predictable set of management errors. Companies often think that adding new solutions automatically strengthens protection, although without integration and clear roles, the opposite happens. In her logic, weakness arises not in a single specific product, but in how management assembles the entire security chain and which signals the team is able to process in time.

• companies increase the number of products without checking how they work together;
• managers view cybersecurity as an IT department task, not as a business risk;
• teams lack a unified overview of the environment and clear incident prioritization;
• employees remain a weak link due to phishing, credential compromise, and lack of training.

From this emerges not a technical, but a management problem. Leadership focuses on growth and financial results, but underestimates how a cyber incident impacts revenue, customer trust, and the company's ability to continue operating. A single serious breach can lead not only to downtime, but also to fines, lawsuits, and prolonged reputation recovery. According to Lane, many realize the scale of the risk only after an incident, when the cost of the mistake has become apparent.

AI Against AI

Lane believes that the growth of AI threats cannot be answered with the old approach. If attackers accelerate attacks with AI, then defense also needs AI — to prioritize alerts, reduce false positives, and quickly identify truly dangerous patterns. It's not about trendy labeling on another product, but about an intelligent layer that helps teams see the environment as a whole and make decisions faster in real time.

"With the growth of AI threats, you need to use AI to fight AI."

This logic is particularly relevant given that 95% of IT and security professionals expect threats to intensify due to AI, and more than 80% of cyberattacks already use AI in one form or another. But automation alone is not enough. Lane separately emphasizes the role of employees: human error remains one of the main causes of breaches. Therefore, resilience is built not only on technology, but also on the team's cybersecurity hygiene, training in attack recognition, and discipline in access management.

What This Means

The main conclusion for business is simple: those who win are not those with the most security resources, but those who understand risk faster and act cohesively. In the era of AI attacks, cybersecurity becomes a matter of management clarity, not just purchasing new tools.