Agentic AI in Action, IBM’s Mark Hughes Explains
News Desk

Speaking with TECHx Media, Mark Hughes, Global Managing Partner of Global Cybersecurity Services at IBM, shares how automation and agentic AI are transforming cyber threat response, why identity is the new perimeter, and the urgent steps leaders must take to protect critical infrastructure, prove business value, and stay ahead of sophisticated adversaries.

What role do you believe automation and Agentic AI will play in transforming cyber threat detection and response in the near- and long-term?

The reality is stark: cyber incidents have evolved from immediate crises to multi-dimensional, months-long events, and security teams are facing the enduring challenge of too many attacks and not enough time to defend against them. Automation and agentic AI fundamentally shift this dynamic.

In the near term, we’re already seeing generative AI reduce manual investigations and repetitive tasks, empowering analysts to respond more proactively and precisely to critical threats.

Looking ahead, agentic AI will move beyond support to autonomy, hunting threats, making decisions and executing responses at machine speed. That frees up security professionals to focus on strategy, not triage. This transformation isn’t coming; it’s here. The question is whether organizations will embrace it quickly enough to stay ahead of increasingly sophisticated adversaries.

It is estimated that 70% of cyberattacks now target critical infrastructure. What sector-specific defense and resilience measures should leaders be prioritizing?

When it comes to critical infrastructure, leaders must prioritize interconnected defenses. 

First, operational technology visibility and segmentation is imperative: you can’t protect what you can’t see. Legacy systems in energy, water, transportation and other sectors weren’t designed with modern threats in mind.

Second, supply chain security must extend to every vendor, contractor, and third-party component. Attackers exploit the weakest link in these complex ecosystems. 

Third, resilience planning that assumes breach and focuses on rapid recovery and continuity. This means rapid recovery capabilities, incident response playbooks tailored to sector-specific scenarios, and regular stress-testing through simulations. 

Attackers are targeting critical infrastructure because they know the impact is devastating, and our defenses must reflect that same urgency. 

What are the key challenges CIOs and CISOs face in strengthening the security of identity systems to combat credential theft?

Identity has become the new perimeter, and frankly, it’s one of the hardest to defend. The fundamental problem is scale and complexity. Hybrid cloud environments mean identities exist everywhere, from on-premises Active Directory to multiple cloud providers, with privileged accounts scattered across the estate. The first challenge is visibility: most organizations don’t have a complete inventory of identities, permissions, and access paths. 

Second is the balance between security and user experience. Implement controls too strict, and productivity suffers; too loose, and you’re vulnerable to credential theft and lateral movement. Third is the human element: phishing and social engineering remain devastatingly effective and are being amplified by attackers’ growing use of generative AI.

To address this, CIOs and CISOs must implement zero-trust architecture with continuous verification, deploy AI-powered anomaly detection that identifies unusual access patterns, and embrace passwordless authentication where possible. Security can no longer be an afterthought; it must be a foundational part of every organization’s core operations, and that starts with getting identity right.

How can organizations invest in cybersecurity innovation while still showing clear business value?

This is where security leaders must shift from cost-center thinking to business-enabler positioning. The key is demonstrating tangible outcomes tied to business objectives. Start by quantifying risk reduction in financial terms: what does containing a ransomware attack save versus the investment in prevention? Data shows organizations with advanced security AI and automation reduce breach costs by millions.  

Second, frame security investments as business accelerators: robust security enables cloud migration, digital transformation, and customer trust, all revenue drivers. 

Third, embrace platformization and consolidation. Organizations running disparate point solutions face higher operational costs and slower detection times. Moving to integrated platforms can reduce mean time to detect by more than 70 days while delivering measurable ROI. 

Finally, pilot innovative technologies for security in high-impact areas and measure results rigorously. When you can show that an AI-powered security operations center reduced analyst workload significantly, while improving threat detection, the business case becomes undeniable. Innovation justified by outcomes always wins budget approval.

What regional or sectoral trends stand out to you in today’s cyber threat landscape, and what can nations and organizations do to stay ahead?

Three trends demand immediate attention. First, nation-state actors are increasingly targeting supply chains and critical infrastructure, particularly in geopolitically tense regions. These campaigns blend espionage with pre-positioning for potential disruption, making them harder to detect and defend against. 

Second, ransomware continues evolving. It’s not just encryption anymore, but extortion through data theft, and attackers are increasingly targeting sectors with regulatory reporting requirements, where disclosure pressure drives fast payment. 

Third, the explosion of cloud adoption has triggered an identity crisis. Cloud environments are being breached through compromised credentials and misconfigurations at alarming rates. 

To stay ahead, nations must consider public-private threat intelligence sharing, enforce baseline security standards for critical sectors, and support cybersecurity workforce development. Organizations need to embrace zero-trust architectures, deploy AI-powered threat detection at scale, and shift from reactive to proactive defense postures. The threat landscape is accelerating. Standing still means falling behind. We must outpace adversaries by out-innovating them.