Fastly: AI-first firms hit by slower, costlier cyber recoveries

AI-First Organizations Face Longer Recovery Times and Higher Costs After Cyber Incidents, Fastly Report Finds

Fastly’s latest Global Security Research Report for Australia and New Zealand reveals that organizations identifying as "AI-first" experience significantly longer recovery times and higher financial impacts from cybersecurity incidents compared to their peers. On average, AI-first businesses take nearly seven months about 100 days longer to fully recover, a gap Fastly terms the "AI Speed Tax." The financial toll is also stark: incident costs for AI-first organizations exceed those of non-AI-first counterparts by 135%.

The report highlights AI’s role in expanding attack surfaces, with 48% of AI-first organizations reporting that AI was directly exploited in their most recent incident, compared to just 10% of non-AI-first firms. Key vulnerabilities include agentic workflows and decentralized data flows, which introduce complexity for security teams. Additionally, 42% of AI-first organizations cited AI-related blind spots as contributing factors in incidents, versus 29% of non-AI-first respondents, underscoring challenges in visibility and control.

Beyond direct breaches, AI adoption is driving operational costs. 75% of organizations report that AI scraping has become a material expense, with average annual infrastructure impacts exceeding AUD $595,000. Half of those surveyed noted increased infrastructure costs due to AI activity, while 48% experienced operational disruptions and 33% faced issues affecting online visitors, such as slow load times or broken functionality.

In response, organizations are prioritizing security investments, with 59% focusing on agentic discoverability, 53% on API security, and 51% on web application firewalls. Concerns about AI-targeted attacks are high, with 85% of respondents worried about DDoS attacks on AI agents and 56% recognizing a need for AI-specific security expertise.

Fastly’s Chief Information Security Officer, Marshall Erwin, emphasized the need for security modernization to keep pace with AI adoption, noting that the challenge now extends beyond traditional threats to managing rapidly expanding, often invisible infrastructure. The report, based on a survey of 2,000 IT decision-makers across the Americas, Europe, and Asia-Pacific, was conducted in Q4 2025.

Source: https://itbrief.com.au/story/ai-first-firms-hit-by-slower-costlier-cyber-recoveries

Fastly cybersecurity rating report: https://www.rankiteo.com/company/fastly

"id": "FAS1772094320",
"linkid": "fastly",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'location': ['Australia', 'New Zealand'],
                        'type': 'AI-first organizations'}],
 'attack_vector': ['AI Exploitation',
                   'Agentic Workflows',
                   'Decentralized Data Flows'],
 'date_publicly_disclosed': 'Q4 2025',
 'description': 'Fastly’s latest Global Security Research Report for Australia '
                'and New Zealand reveals that organizations identifying as '
                "'AI-first' experience significantly longer recovery times and "
                'higher financial impacts from cybersecurity incidents '
                'compared to their peers. The report highlights AI’s role in '
                'expanding attack surfaces, with key vulnerabilities including '
                'agentic workflows and decentralized data flows. AI adoption '
                'is also driving operational costs, with 75% of organizations '
                'reporting AI scraping as a material expense.',
 'impact': {'downtime': 'Nearly seven months (100 days longer than peers)',
            'financial_loss': '135% higher than non-AI-first counterparts',
            'operational_impact': ['Operational disruptions (48%)',
                                   'Issues affecting online visitors (33%)']},
 'lessons_learned': 'AI adoption expands attack surfaces and introduces '
                    'complexity for security teams, requiring modernization of '
                    'security measures to address AI-specific threats like '
                    'DDoS attacks on AI agents and AI-related blind spots.',
 'post_incident_analysis': {'corrective_actions': ['Security modernization',
                                                   'AI-specific security '
                                                   'measures'],
                            'root_causes': ['AI exploitation (48% of AI-first '
                                            'orgs)',
                                            'AI-related blind spots (42% of '
                                            'AI-first orgs)',
                                            'Complexity in visibility and '
                                            'control']},
 'recommendations': ['Invest in agentic discoverability',
                     'Strengthen API security',
                     'Deploy web application firewalls',
                     'Develop AI-specific security expertise'],
 'references': [{'date_accessed': 'Q4 2025',
                 'source': 'Fastly Global Security Research Report'}],
 'response': {'remediation_measures': ['Agentic discoverability (59%)',
                                       'API security (53%)',
                                       'Web application firewalls (51%)']},
 'title': 'AI-First Organizations Face Longer Recovery Times and Higher Costs '
          'After Cyber Incidents',
 'type': ['Data Breach', 'Operational Disruption'],
 'vulnerability_exploited': ['AI-related blind spots',
                             'Complexity in visibility and control']}