Hackers can infiltrate and harvest corporate data in hours as AI accelerates cyberattacks

Time for hackers to infiltrate and harvest corporate data has shortened dramatically, with insights shared at a cybersecurity and resilience conference in the AI era indicating the average window has fallen from 386 days to just a few hours.

How AI is changing the threat timeline

Speakers said AI is accelerating cyberattacks by enabling phishing emails, deepfake videos, voice cloning, and malware development. It is also helping attackers find and exploit vulnerabilities faster and at lower cost.

Yair Bar-Touv, a board member and chair of the Cyber Security Committee at Clal Insurance Enterprises Holdings, said AI can reach a 72% success rate in attacks, far above earlier generations. He cited an example in which AI revealed a vulnerability in the OpenBSD operating system that had existed for 27 years—previously viewed as a symbol of security.

From long dwell times to hours

Nam Hoang Nam, head of Financial Insurance at Marsh Vietnam, said attackers previously needed more than a year to “lie in wait,” but AI compresses that period into hours. He added that this shift is forcing the insurance industry to adapt, noting that cybersecurity is no longer only a financial shield but also a factor in enabling faster recovery after major losses.

Key data points on exploitation speed

Experts highlighted a sharp decline in the time between vulnerability disclosure and first exploitation:

• In 2018, the average time from vulnerability disclosure to first exploitation was about 771 days.
• By 2024, that figure had fallen to roughly four hours.

Sergej Epp, founder of the platform monitoring these vulnerabilities, warned that patches can be reverse-engineered quickly to craft exploits in minutes, and that attacks can spread worldwide within hours. He also noted that many vulnerabilities have been weaponized before official disclosure.

Broader impact beyond a single organization

Chandramouli Dorai of Zoho said breaches can cascade beyond one organization, affecting customers, partners, and the broader supply chain.

Workforce gap and regional pressure

Global estimates for 2024 suggest a shortfall of around five million cybersecurity professionals. That gap could rise to roughly 85 million by 2030, with the Asia-Pacific region facing the greatest pressure.

Response and resilience priorities

Given the expectation that breaches can occur at any time, experts said organizations should strengthen incident response and recovery capabilities. They also recommended shifting toward a proactive, AI-enabled security posture, including continuous testing of software built with no-code and low-code tools to improve resilience.

In Vietnam, where digital transformation is underway, demand for information security and risk governance is rising. The article also notes that Hanoi is planned to have a Cyber Security Center by 2027, and that three Vietnamese cybersecurity firms are included in the world’s top 50.