The mathematics of modern cyber defence no longer work. When attackers can move from initial system access to meaningful harm in eleven minutes, the playbooks security teams have relied on for years collapse under their own weight. This is the reality confronting Australian organisations as artificial intelligence fundamentally accelerates both sides of the security equation.
Attackers now reach system breakout in an average of 29 minutes, a 65 per cent acceleration from the previous year, with some breaches unfolding in under a minute. The shift is forcing security operations centres to rethink everything about how they detect threats, triage alerts, and coordinate response.
According to Elastic's global security leader Mike Nichols, speaking at the company's Sydney conference, the traditional security model has reached collapse point. "At this speed, manual playbooks are no longer just slow, they're mathematically impossible," he said. The observation cuts to the heart of why so many Australian organisations are struggling despite investing heavily in security technology.
The alert fatigue trap
Australian security teams receive an average of 2,061 alerts per day, roughly one alert every 42 seconds. Yet this volume hasn't translated into better detection. 39 per cent of Australian organisations report high alert fatigue as a significant operational issue, and analysts are burning out managing noise rather than responding to genuine threats.
Nichols cautions against the industry narrative that artificial intelligence will simply replace security analysts. "The first thing I always say is that AI is icing on the cake, not the entire cake. You still need a strong foundation first: processes, people and an architecture that works without AI. Then AI makes those systems better." The statement reflects a pragmatic reality; automation is not a substitute for fundamentals, it is a force multiplier for organisations with working security disciplines.
The core problem lies in how security operations centres currently function. Recent studies have highlighted alert fatigue and burnout in security operations as a significant challenge, driven partly by the sheer volume of alerts and partly by weak correlation between related events. Many SOC teams manually triage thousands of alerts each day, searching for patterns that skilled analysts should be investigating instead.
Data as the foundation for AI defences
Elastic ANZ country manager Jeremy Pell warned that many early AI deployments fail because organisations underestimate the complexity of their data landscapes. "If your AI system only sees part of the data, it only tells part of the story," he said. The insight reveals a common mistake: treating AI as overlay technology rather than addressing fundamental data architecture problems first.
97 per cent of Australian organisations report limitations in their security tooling, with insufficient context and high alert fatigue identified as the most significant issues. This suggests the problem is not detector failure but signal-to-noise collapse.
Organisations are shifting from experimental AI pilots toward practical deployment. According to Pell, this marks a transition "from AI hype to AI help". Executives no longer want AI strategies; they want AI that propels the business forward through measurable security outcomes.
The shared vulnerability
Beyond cybersecurity, Elastic's research reveals that similar data challenges are affecting customer-facing digital systems. AI is not only providing criminals new tools but also creating new weak points inside companies. The symmetry is worth noting: attackers using AI to accelerate exploitation, defenders using AI to accelerate detection, and both sides facing the same underlying problem of data quality and visibility.
The implication is clear. Organisations cannot solve the cyber response crisis by adding more tools, hiring more analysts, or implementing more rules. Organisations making extensive use of security AI and automation cut their average breach costs by $1.9 million and shorten their breach lifecycles by an average of 80 days. The economic case is compelling, but the transition requires treating data architecture as a strategic asset, not an IT housekeeping task.
As Nichols noted, the question is not whether AI will reshape security operations. It already is. The question is whether organisations address the foundation first, or spend years treating symptoms while the underlying vulnerability widens. In a threat landscape where attackers measure success in minutes rather than hours, the cost of delay has become substantial.
Further reading on this topic is available from Elastic's 2026 Australian research on digital experience expectations and security operations.