An iterative five-phase process model to successfully implement AI for cybersecurity in a corporate environment

While traditional cybersecurity approaches effectively address static or well-known threats, they often struggle to keep pace with the rapidly evolving threat landscape. New research highlights that increasing sophistication and dynamism in cyberattacks require adaptive and proactive measures, such as artificial intelligence (AI) applications and services, to complement conventional methods. AI for cybersecurity is needed to respond efficiently and reliably to threats and attacks, to detect dynamic threats faster, to analyze more precisely, and to enable adaptive protective measures that outperform conventional approaches. We identified research needs for AI in cybersecurity that need to be addressed by implementing respective AI applications and services. Companies and organizations need further research and company-centric approaches. We address AI for cybersecurity through a literature review and semi-structured expert interviews in a design science research–oriented framework. We identify typical implementation steps, deduce critical process phases, and develop a new process model to successfully implement AI for cybersecurity, including five process phases and 19 process steps. Our iterative five-phase process model provides a structured framework that is flexible to adapt to specific and general requirements, focuses on iterative evaluations; addresses cost, functional requirements, certifications, and environmental impact; facilitates early risk identification; and strengthens resilience against cyberattacks. Furthermore, we deduce seven key performance indicators to support a quantitative assessment of AI’s efficiency and effectiveness, allow benchmarking, and develop best practices. Finally, we provide limitations and a further research agenda.