1 The perceived impact of Artificial Intelligence on cyber security operations in the South African banking sector Edward van Bosch 2419308 Supervisor: Dr Ayanda Magida Submitted to the Faculty of Commerce, Law and Management, University of the Witwatersrand, in fulfilment for the degree of Master of Management in the field of Digital Business 2 Declaration I, __Edward John van Bosch___, declare that this research report is my own work except as indicated in the references and acknowledgements. It is submitted in partial fulfilment of the requirements for the degree of Master of Management in the field of Digital Business at the University of the Witwatersrand, Johannesburg. It has not been submitted before for any degree or examination in this or any other university. Name: Edward John van Bosch Signature: Edward John van Bosch Signed at …Randburg………………… On the ……28th……………. day of ……April………… 2025…. 3 Abstract Cybersecurity threats are increasing exponentially, and South Africa is one of the top countries targeted by cyber criminals. Banks are adopting AI-powered cybersecurity solutions to fortify themselves against the ever-increasing cyber threat landscape, but this presents opportunities and challenges. To ascertain the efficacy and impact of AI in cybercrime eradication, the TOE framework and Perception Theory were adopted to cover the operating landscape of CS officers and guided the cognition and the rationalisation of AI adoption. The data from the literature review was posited against qualitative findings from semi-structured interviews of key CS personnel and was analysed using thematic analysis. The findings indicate a positive perception of AI as a cybersecurity force multiplier, particularly in enhancing real-time threat detection and automating response mechanisms. However, concerns were also raised about overreliance on AI, data privacy and the potential exploitation of vulnerabilities and algorithms within AI-powered cybersecurity solutions. The findings clearly demonstrated that AI is not a turnkey solution and does not possess the power and ability to eradicate cybercrime in totality but is the only solid viable defensive solution for cyber-attacks. AI cannot eradicate crime completely but is the most efficient tool and system in cybercrime detection and prevention. There was a marked disparity in perception of AI between direct AI users and literary conjecture on the impact of AI. Given the vastness of AI, a novel bespoke framework was created to guide new users on the necessity, risk, benefits and scale of AI implementation intra-organisationally. Keywords: AI, cybersecurity, cyberattacks, force multiplier, overreliance, solution. 4 Acknowledgements To my creator, without whom nothing is impossible, I praise you for giving me the opportunities, abilities and persistence to complete this research. To my wife Chantelle and daughters Kyla and Talor, thank you for always motivating and supporting me. We sacrificed a lot of time together. Thank you for being part of my life and your inspiration on this journey. To my friend Adelia: thank you for your encouragement, your belief in me, and your motivation through very tough and challenging times to see this through and to finish my studies and research. You always inspired me to be more and to be better, and for that I will always be grateful. Thank you. Thank you to all the participants who participated and who took time away from their very busy schedules. Dr Ayanda Magida, thank you for guiding me through this process. To everyone who assisted me on this journey — there are so many of you. Thank you very much for your support. 5 Table of Contents Declaration ................................................................................................................ 2 Abstract ..................................................................................................................... 3 Acknowledgements .................................................................................................. 4 List of Figures .......................................................................................................... 9 List of Tables .......................................................................................................... 10 List of Abbreviations .............................................................................................. 11 Chapter 1: Introduction .......................................................................................... 13 1.1 Statement of Purpose ............................................................................................. 13 1.2 Background of the Study ........................................................................................ 14 1.3 Research Problem ................................................................................................... 21 1.4 Research Questions ................................................................................................ 21 1.5 Justification for the study ....................................................................................... 22 1.6 Delimitations of the Study ...................................................................................... 23 1.7 Report Outline ......................................................................................................... 24 Chapter 2: Literature Review ................................................................................. 26 2.1 Introduction ............................................................................................................. 26 2.2 Defining the TOE Framework ................................................................................. 28 2.3 Technological component of TOE affecting CS operations ................................. 29 2.3.1 The necessity of Cybersecurity ........................................................................................... 30 2.3.2 AI CS Anthropomorphism .................................................................................................... 33 2.4 Organisational component of TOE affecting CS operations ................................ 40 6 2.5 Environmental component of TOE affecting CS operations ................................ 42 2.6 Challenges to AI CS operations ............................................................................. 43 2.6.1 Technological Challenges .................................................................................................... 43 2.6.2 Organisational Challenges .................................................................................................. 46 2.6.3 Environmental Challenges .................................................................................................. 47 2.7 Defining Perception Theory .................................................................................... 47 2.7.2 Cognition, Science and Perception Flow ............................................................................ 51 2.8 AI-CS and PT – A Synthesis .................................................................................... 52 2.9 Literature Review Findings Viz Research Questions ............................................ 55 2.10 Conclusion ............................................................................................................. 56 Chapter 3: Research Methodology ....................................................................... 58 3.1 Introduction ............................................................................................................. 58 3.2 Research Philosophy .............................................................................................. 59 3.3 Research Assumptions ........................................................................................... 61 3.4 Research Design ..................................................................................................... 62 3.5 Research Strategy and Method .............................................................................. 63 3.6 Population................................................................................................................ 64 3.7 Target Population and Sample Group .................................................................... 65 3.8 Unit of Analysis ....................................................................................................... 66 3.9 Data Collection ........................................................................................................ 67 3.10 Data Analysis ......................................................................................................... 69 3.11 Quality Assurance ................................................................................................. 72 3.12 Ethical Considerations .......................................................................................... 73 7 Chapter 4: Findings and Discussion of Studies .................................................. 75 4.1 Introduction ............................................................................................................. 75 4.2 Summary Background of Participants ................................................................... 75 4.3 Interview Themes and Rationale ............................................................................ 77 4.4 Interview Findings ................................................................................................... 79 4.4.1 Current use of AI in CS teams ............................................................................................. 79 4.4.2 Benefits of AI ....................................................................................................................... 82 4.4.3 Risks of AI in CS .................................................................................................................. 85 4.4.4 CS-related Risk Mitigation Strategies ................................................................................. 90 4.4.5 Impact on Security Posture ................................................................................................. 95 4.4.6 Automation on Activities ...................................................................................................... 97 4.4.7 AI’s Impact on CS Engineers ............................................................................................... 98 4.4.8 Decision-Making Visibility .................................................................................................. 103 4.4.9 Data Management and Governance ................................................................................. 107 4.4.10 Protecting AI Systems ..................................................................................................... 111 4.4.11 Protecting non-AI Systems .............................................................................................. 113 4.4.12 Does AI give companies a competitive edge .................................................................. 113 4.5 Conclusion............................................................................................................. 114 Chapter 5: Conclusion & Recommendations .................................................... 116 5.1 Introduction ........................................................................................................... 116 5.2 Conclusions regarding Research Question 1 ..................................................... 117 5.3 Conclusions regarding Research Question 2 ..................................................... 118 5.4 Conclusions regarding Research Question 3 ..................................................... 119 5.5 Limitations of this study ....................................................................................... 120 5.6 Recommendations ................................................................................................ 121 8 5.7 Suggestions for further studies ........................................................................... 124 References ............................................................................................................ 127 APPENDIX A ......................................................................................................... 139 APPENDIX B ......................................................................................................... 141 APPENDIX C ......................................................................................................... 143 APPENDIX D ......................................................................................................... 145 9 List of Figures Figure 1.1:Top three cyber risks in the financial services sector .............................. 17 Figure 1.2: Percentage of Fin companies underinvesting on CS capabilities ........... 19 Figure 2.1: Difference between Simple and Deep Learning Neural Networks .......... 37 Figure 2.2: Four Types of Metaheuristic Algorithms in CS operations ...................... 38 Figure 2.3: Difference between Internalists and Externalists .................................... 49 Figure 2.4: Difference between PT’s Top-down Bottom-up Approach ...................... 52 Figure 2.5: Locating the subject on Perception Theory's Quadrants ........................ 53 Figure 3.1: Map of Research Methodology .............................................................. 59 Figure 4.1: Top 4 benefits of AI within CS operations ............................................... 82 Figure 4.2: Benefits of AI in CS operations ............................................................... 84 Figure 4.3: Summary of Participants Risks in AI ...................................................... 86 Figure 4.4 CS Risks Across TOE and Protection Channels ..................................... 89 Figure 4.5: List of 14 Risk Mitigation Tactics within CS Operations .......................... 90 Figure 4.6: Participants outlook on AI improving the banks security posture ............ 95 Figure 4.7: AI Automation Scale ............................................................................... 98 Figure 4.8: Participants Response to AI's Impact on Engineers in CS Operations ... 99 Figure 4.9: Participants Results of AI's Decision-Making Visibility .......................... 104 Figure 4.10: Summary themes of participants feedback to AI Protection Measures 111 10 List of Tables Table 2.1: Types of Cyber-Attacks (non-exhaustive) ................................................ 32 Table 3.2: CS participants profiles ............................................................................ 69 Table 4-1: Summary of Participants Background and Experience ............................ 77 Table 4.2: Interview Themes and Rationale ............................................................. 79 Table 4.3: AI tools and its Uses in CS teams ............................................................ 80 Table 4.4: Description of Risks to AI and its systems ............................................... 94 11 List of Abbreviations AAI – Applied Artificial Intelligence AI – Artificial Intelligence APT - Advanced Persistent Threats BEC - Business Email Compromise CPU - Central Processing Unit CS – Cyber Security DoS - Denial of Service DDoS - Distributed Denial of Service DL – Deep Learning GAI – Generative Artificial Intelligence GenAI – Generative Artificial Intelligence GDP – Gross Domestic Product HR – Human Resource IIF- Institute of International Finance IT – Information Technology KPI – Key Performance Indicator MA – Metaheuristic Algorithms MitM - Man-in-the-Middle ML – Machine Learning NAS - Network Analysis Systems NPS - Network Protection Systems PAM – Privileged Access Management 12 POPIA - Protection of Personal Information Act SaaS - Software as a Service SABRIC - South African Banking Risk Centre SA – South Africa TAM - Technology Acceptance Model TOE - Technological Organisational and Environmental Framework XAI - Explainable AI XXS - Cross-site Scripting 13 Chapter 1: Introduction 1.1 Statement of Purpose The financial services industry in South Africa (SA) is at the helm of the digital revolution. The banking sector prioritises digital transformation at the heart of its strategy within the financial services sector. In SA alone, the Top 4 banks, in order of asset holding size, Standard Bank, First Rand, ABSA and Nedbank, account for over 50 percent of the continent's assets as Tier 1 banks. They have a combined user base of 20 million and contribute around 88 percent to the country’s Gross Domestic Product (GDP) (Everington, 2024). The ease of internet and mobile banking across all platforms and devices has made transferring capital and data easy and efficient. However, the underside of digital transformation is a massive surge in cybercrime, resulting in financial losses year-on-year. SA’s banking sector is one of the primary targets of cyberattacks. This was witnessed by SA having the third most cyber-crimes globally since 2020 (Bank, 2022). The rise in cybercrime warrants an increase in cyber-defence and cybersecurity (CS). Four main technology trends are employed within cyber-security: Cloud and edge computing, Applied Artificial Intelligence (AAI), Next-generation software development and Trust architecture and digital identity (Atkins L. B., 2024). Of the four, AAI is most relied upon in the South African context and will form the focal point of this paper. As such, this paper seeks to ascertain the concatenation of AAI and cybersecurity and whether the former acts as a solution to the latter, an enabler to cyber-crimes or if it has a benign position but is adapted and implemented due to seeming populus consensus and the necessity of being on par or ahead of the digital curve and ahead of competitors. This will be achieved via a bi-pronged process. 14 1.2 Background of the Study The deployment and use of AI in cybersecurity developed alongside and in conjunction with key AI disruptors in the banking sector. Today, AI is a part of the DNA of cybersecurity itself to the point of almost unconscious relegation. Innovation and strategic intent promote the interplay of critical cognitive functioning to support and advance machine learning. This paper seeks to question the efficacy of the impact of AI in CS. Are AI, AAI, and Generative AI (GAI) trends, necessities, or impediments in CS banking operations today? The impetus for the questioning lay within personal experience in the banking sector and personally witnessing the radical adoption of AI without testing its impact against higher intent, that is, safeguarding and protecting data and minimising threats. To ascertain the efficacy, the vantage point is unpacking the evolution of AI itself. How did AI become the ethos of the banking sector in SA, how did cybersecurity develop to the digital boom, and what challenges AI presents to CS operations? These questions will form the basis of the background and precede the core and supplementary research questions that follow. AI has been one of the biggest disruptors in the banking sector. It has radically evolved from work automation and data analysis to machine learning, helping to create a unique personalised customer experience, to risk management and fraud prevention (Atkins L. et al, 2014). “The emergence of AI is disrupting the physics of the industry, weakening the bonds that have held together the components of the traditional financial institutions and opening the door to more innovations and new operating models” (Deloitte, 2025, p. 1). There have been four marked disruptions in the banking sector due to AI. Understanding the four points of disruption will assist in identifying the needs and importance of cybersecurity within banks. 15 Firstly, the impact of Big Data changed the experience and expectations of customers as an increasing number of people shifted towards the use of the internet and mobile devices. Big data analytics was able to collate unstructured data across multiple user platforms systematically and offer highly personalised experiences viz-a-viz traditional blanket offerings (Deloitte, 2025). Banks now adopt a 360-degree view of customers' interactions with brands, social media and the interfacing of personal data to inform their decision-making processes. The second disruptor came from the availability of fast computers, hardware, software and cloud infrastructure (Deloitte, 2025). Banks could quickly compute, process and store large amounts of data and Software as a Service (SaaS) became a core part of all infrastructure. Third, AI was able to disrupt the banking sector by assisting in regulatory obligations. Data collection, storage and processing aided in banks being able to quickly meet regulatory requirements, radically improving the efficiency and output of back-office functions (Deloitte, 2025). The last and fourth disruptor appeared via inter-bank competition. Banks leverage AI and other tools to customise solutions via harvesting large amounts of data they possess. As a result, there is a race amongst banks to adopt and implementing the last tech innovations to create solutions that have a stand-out factor and provided a value-added service internally and externally (Deloitte, 2025). Parallel to these disruptors was the cultivation of talent management and hiring of Information Technology (IT) professional which also gave rise to the gig-economy. Emerging technologies offer significant benefits but simultaneously introduce new cyber threats and entrench existing ones. CS risk management and operations are integral to a bank’s core infrastructure and support. The importance of a comprehensive strategy has never been more prudent 16 as companies aim to increase their digital and technological footprint. With data being the new currency, banks are not only combating highly trained, well-funded cyber criminals but cyber terrorists as well. Cyber criminals are also adopting emerging technologies to support their attacks. According to the CrowdStrike (2024) global threat report, “Electronic Crime (eCrime) continues to rise and is the most pervasive threat in 2023. Data-theft extortion also continues to rise, and 2023 saw a 76 percent increase in victims named on eCrime dedicated leak sites compared with 2022. As companies increase their use of technology, they are also increasing the number of avenues for a potential cyberattack by mature threat actors.” As banks increase their use of digital technologies, they also expand the scope for cyberattacks, especially by mature threat actors. Due to the slow implementation of legislation and regulations within the AI space, combined with the lack of morality and ethics of AI itself, it allows the layman to utilise AI platforms to engage in criminal activity. Anyone with a phone can use AI platforms to try to hack systems. According to the 2023 Future of Cybersecurity Survey (2024), completed in collaboration between McKinsey and the Institute of International Finance (IIF), wherein they interviewed banks globally, the biggest risks presented included cyberattacks, AI, talent management, third-party and supply chain management, and data security as seen in Figure 1: 17 Figure 1.1:Top three cyber risks in the financial services sector The dynamic interconnectedness of the threats is tied to the four digital disruptors mentioned earlier. What risk does big data and cloud storage present to banks' CS operational support? While banks adopt the latest talent and technological capability in creating complex firewalls to prevent breaches, banks are also reliant on third-party data, and any weaknesses in their system can result in data breaches and data theft. This is corroborated by the above-mentioned survey, wherein most survey respondents “Recognised the need to strengthen critical cybersecurity capabilities, including third-party or supply chain management and privileged access management (PAM).” The importance of cloud storage cannot be underscored, given that data is the era's currency. Any disruption of files, poisoning of data, and leakages could have massive legal ramifications for banks and financial losses for customers. SA has seen a persistent annual increase in cybersecurity attacks since 2019 (Mugwagwa, 2024) According to the South African Banking Risk Centre (SABRIC), South Africa lost more than 3 billion Rand in 2023 due to financial crime. Reports from the South African Cyber Security Hub and cybersecurity companies indicate that attacks targeting 18 individuals, businesses and government departments are on the increase (SABRIC, 2023). Before banks introduce newer and newer technologies, there needs to be measures to ensure the risk management of a capability is exercised to the superlative, the ramifications of which, when not performed, result in the risks outweighing the benefits. Additional risks include corporate espionage and headhunting/talent management, which can easily lead to some banks monopolising the market. Threats may not only come from external sources but also internally and from other banks. It can also result in the prevention of centralising key functions and limit cross-pollination for the advancement of the industry. This also puts pressure on internal teams to always adopt the latest tech instead of creating vertical growth. Lastly, the speed at which regulators create new regulations to adapt to changes in the industry is far slower than the fintech evolution. Resultantly, leveraging AI will always result in banks being further ahead than regulators or managing ways to outmanoeuvre regulators. Banks are willing to pay the fines regulators impose because the outcome and financial reward far outweigh the cost of fines. This protects banks, gives more liberty to AI and causes regulators to lose credibility. Banks also hire the best talent in AI, and regulators struggle to secure the personnel needed to effectuate regulations promptly. While CS is a critical part of business operations, as technology evolves and the ethical concerns around AI are magnified, CS operation officers are questioning the use of AI and GAI in preventing cyber-attacks. Naturally, without any CS support, the banks’ entire structure and well-being will collapse, so the expulsion of AI in CS is not an option. However, it is becoming increasingly visible that AI as a solution is not 19 preventative and only superficial. Furthermore, CS teams are underfunded and face challenges when requesting additional funds to set up the infrastructure to limit cyber- criminal activity. Acknowledgement of underspending in capabilities has grown. According to the Future of Cyber Security Survey (2024), 70 per cent of the survey respondents believe they are underspending and should spend more. The marked shift between the 58 per cent who acknowledged underspending in 2020 and the 70 per cent in 2023 alludes to companies suffering the consequences of underspending, as depicted below. Figure 1.2: Percentage of Fin companies underinvesting on CS capabilities Financial services institutions allocate approximately 13 percent of their IT budget to CS. Banks are not conducting exercises to ascertain how much capital will be lost with weak, fair and strong CS protection and ratioing it to the capital gains incurred. The 20 rapid pace of technological evolution is stripping time away from teams to focus on quantitative metrics to assess the impact – financial, ethical; operational, talent retention and upskilling and so forth – of AI of CS functionality and operationality. As banks continue investing heavily in technologies, there is now a warranted need to consider the short, medium and long-term implications of these technologies for CS to maintain protection of their environments and to question novel capabilities outside of AI that can prevent cyber security theft and enable improved protection of data and resources (Atkins L. B., 2024). Thus, financial institutions face various cyber threats that are both sophisticated and diverse. The volume of attacks and the increased complexity pose a significant risk. The increased number of successful cybersecurity attacks has led to increased sensitive data, critical infrastructure and financial asset compromises (Kayode-Ajala, 2024). Perpetrators of these attacks range from individual criminals to state-sponsored hackers. Threat actors employ a wide range of methods to attack financial institutions. Attacks can vary from basic phishing attacks to more sophisticated ransomware campaigns. As banks are using AI to innovate and increase their technological footprint, profitability and scalability, it is equally being adopted by cyber criminals to leverage key data points and attack resources and capabilities. These actions form causative questions: Is the AI used by the banks CS operational teams effectively combating the root cause of criminal cyber-attacks? Is a technological AI trimming needed to improve operations? What non-AI solutions and capabilities can be adopted to improve CS? This thinking form will formulate the basis of the research problem, questions, and the following justification. 21 1.3 Research Problem The use of AI has the potential to solve and address many of the cybersecurity concerns and challenges which the banking sector in South Africa is currently facing. However, AI, like any other technology, is also vulnerable to exploitation and cyberattacks (De Azambuja, 2023). Knowing the new threats and risks introduced when AI-powered technologies are used remains paramount. An analysis of the literature indicates that there is a research gap regarding the use and impact of AI in cybersecurity and South African Banks. Therefore, it is necessary to investigate the impact of AI-powered cybersecurity solutions on the number and severity of cyber threats in South African Banks year-on-year. The purpose of this research is to explore the impact AI has on improving the operational efficiency of cybersecurity in banks. While the adoption and implementation of AI across banks is rampant, does AI actually decrease the CS team’s workload and, based on machine-based learning and predictability, engage in smart learning to prevent attacks, or is it merely a tool/resource for responding to threats? The uncertainty and lack of clarity on the highly pertinent and impactful matter necessitated the investigation. 1.4 Research Questions  To what extent can artificial intelligence serve as an effective solution for eradicating and preventing cybercrime within the South African banking sector?  What are the factors that contribute to the decrease of the CS staff complement in banks to improve ‘organisational effectiveness’? 22  What evaluation criteria or assessment frameworks are employed by banks to assess the effectiveness of AI-CS capabilities in reducing cybercrime through preventative measures? 1.5 Justification for the study The impetus and justification for the study are based upon personal experience in cybersecurity in the banking sector in SA. While AI offers radical approaches to computing, processing and storage, it also offers innumerable challenges, lacks ethical and moral considerations and legislation, and provides little to no ramifications to cyber criminals during data theft and breaches. CS teams are often left in isolation when breaches occur due to AI. The justification is predicated upon understanding both ends of the AI coin. There are three main reasons why this topic has been chosen to explore. Firstly, AI is seen as a turnkey solution; that is, implementing AI capabilities in CS will eliminate any challenges and issues. AI does possess several advantages, especially regarding process, synthesising and collating email, endpoint, mobile, network perimeter security, for example, Distributed Denial of Service (DDoS), but most importantly, it does not eradicate threats from happening, which is the main function of CS. Secondly, machine learning is causing job losses, with only 50 per cent of a team needed compared to what was. Given the thin regulation around ethics in AI, with a smaller CS staff complement, data quality, protection and sanctity are highly comprisable compared to an in-person staff complement that can exercise ethical considerations and make decisions in line with business outcomes. From a human capital perspective, the impact on people needs to be considered in the medium-to- 23 long term, and not solely in the short term, as most people/organisations are currently doing. Third, Security AI systems are SaaS, which are sitting in the Cloud. This begs the question: Are banks fully aware of the telemetry that the AI system is collecting, where it is stored and who has access to it? Do they understand the potential impact if the data collected by these AI platforms land in the wrong hands? An ongoing supply chain and third-party risk need to be considered. Using highly specialised capabilities for criminal activity will always be open and an option. AI can be used to compromise security AI systems and to poison data used by AI algorithms. AI, like any other technology is vulnerable to misuse and attacks. The adoption of AI in CS is a trend. But once an organisation employs AI to a certain degree, there is a point of no return. This paper adopts the view that AI CS platforms do not improve a bank's cybersecurity posture as popular consensus dictates, but AI becomes the oxygen for digital firms to a point of cessation. Today, big banks have no choice but to adopt AI technologies. With an already laid-out trajectory, will AI/CS operate on a loop-based continuum ad infinitum? 1.6 Delimitations of the Study The key limitation of the study emerged in the disparity between access to private quantitative data within banks' CS teams and the qualitative methodological approach adopted to ascertain results. The primary intention of this paper is to ascertain if AI has a real impact in preventing cyber-crimes, saving organisations money and developing critical infrastructure to limit the attacks against banks due to impenetrable 24 protections. Unfortunately, access to this data amongst all big banks is highly confidential and public knowledge or it will jeopardise their overall CS. As a mitigatory response and methodological substitute, this paper employed interview questions with key personnel in CS in the banking sector to gauge their sentiment on efficacy, impacts, and solutions. What follows is the Literature Review, which explores a holistic view of the interplay between AI and CS in a macro- and micro-economic landscape. 1.7 Report Outline This paper will adopt the following chronological structure to answer the research questions. Chapter 1: Introduction This chapter contextualises the research questions and provides a background and landscape to the operating dynamic of cybersecurity professionals. It laid the foundation for the rationale for the research topic and positioned the research questions and their concomitant justifications. Chapter 2: Literature Review The Literature Review offers both a topographical and in-depth view of the body of literature that exists on the subject matter. It will specifically look at the evolution of AI adoption within SA banks with the key tools, processes and people that change along the way. The literature is categorised and analysed via the Technological Organisational and Environmental (TOE) framework as well as a psychological- 25 qualitative approach called Perception Theory. The usage of Perception Theory is novel to this paper and the industry as traditionally only technologically oriented frameworks have been used for technological analysis. Chapter 3: Research Methodology This paper has adopted a qualitative phenomenological approach to analysis. Twelve participants were chosen as the sample group, and they occupy diverse and various roles in CS operations within SA banks. Via semi-structured interviews, the participant's experiences and tenure in AI-CS provide an insightful, rich and accessible view on the intricacies and sensitivity of AI-CS operations. Chapter 4: Findings of the Study Chapter 4 offers an in-depth view of the answers provided in the interviews. The participants were asked questions that broadly but succinctly covered the internal operations of a CS team within a big bank. The data was categorised into themes, and the views of TOE and Perception Theory were used to analyse the findings. The questions were all curated to cover the research questions and very interesting outlooks that both confirmed and challenged the narrative were discovered. Chapter 5: Conclusions and Recommendations The paper concludes with an overview of how the research questions were answered. It presents a sobering view on the reality of AI-CS operations and mentions gaps within academia and the technical CS teams that future research can explore. Lastly, a framework was created that showed how data travels across CS operations and the risks and benefits that teams and organisations face in the data journey. 26 Chapter 2: Literature Review 2.1 Introduction This Literature Review aims to review the existing body of work on the subject matter delineated. While there is an exceptionally large body of academic and technical literature on AI itself across all sectors globally, the interplay of AI in cybersecurity operations is relatively niche. Furthermore, the determination in assessing the ‘perceived impact’ of AI in CS operations within banks was remarkably thin and infantile. This presented two core challenges. The first challenge was the ultra- technical nature of AI CS data. While the body of literature was thin, the journal articles and online sources offered a very in-depth view of the software being used, but it solely mentioned the solutions being used and the rationale – a digital evolutionary mapping. This information was vetted by the researcher, who has direct experience in bank CS operations. The TOE framework will be used for its holistic outlook in structuring the ideology of AI adoption in CS operations. The framework also assists in answering RQ2. The second challenge, which was more acute, was the subjective nature of assessing the impact and adoption of AI in CS within banks in SA. There was a lack of succinct theories and frameworks to draw upon that assisted in answering the research questions. The Technology Acceptance Model (TAM) was initially explored for its acceptance usage framework. Still, it did not suffice to guide the core research questions of whether or not AI is supporting CS operations. Looking outside of technological approaches and frameworks, this paper adopted Perception Theory as the guiding framework in gauging the efficacy of AI solutions in CS operations. 27 Perception Theory, with its qualitative phenomenological outlook, has dramatically guided the narrative and opened the channel to inter-disciplinary pollination and provided a unique philosophical-psychological outlook completely unexplored in digital and AI approaches and frameworks. This has also informed the framework-come- theory postulated and positioned in Chapter 5, respectively (RQ3). The structure of the Literature Review is head-first to explore the vicissitudes and advancements of AI in cyber-security, followed by a critical analysis of Perception Theory. The Literature Review will conclude with a synthesis of AI-CS and Perception Theory. Before continuing, it is important to mention that the taxonomy of AI can be dissected across themes and applied to all sectors of the economy, from military advancements, determination of cases in the healthcare sector and so forth. The AI lexicon is vast. The term AI encompasses smartphone usage to metaheuristics, and a definition of the term itself is evasive despite standardisation attempts by governments, industry leaders and digital organisations. Inspired by Kelly, Kaye and Oviedo-Trespalacios (2023), the following definition of AI will be used in this paper: “An unnatural object or entity that possesses the ability and capacity to meet or exceed the requirements of the task it is assigned when considering cultural and demographic circumstances.” (Kelly, 2023, p. 2). There is an exceptionally large body of literature available on AI itself, should the reader wish to explore, but given the vastness of AI, for the purposes of this paper, AI will be contextualised in the cybersecurity operations within South African banks and will not be explored any further. 28 2.2 Defining the TOE Framework TOE examines the adoption of technology from the viewpoint of an organisation. It outlines the various aspects that impact the adoption of technology and the probability of its implementation. The theory suggests that the technology adoption processes of an organisation are influenced by its technological, organisational and environmental settings (Hasani, 2023). The technological context encompasses the internal and external technology pertinent to the company. Technologies encompass both physical equipment and procedural methods. The organisational context refers to the attributes and assets of the company, such as its dimensions, level of centralisation, level of formalisation, managerial framework, workforce, quantity of surplus resources, and connections among employees. The environmental context encompasses the dimensions and composition of the industry, the firm's rivals, the overall economic conditions, and the governing framework. The TOE framework offers a comprehensive viewpoint on technology adoption, adaptability and application (Baker, 2011). The TOE framework is relevant to this study from a technology perspective because AI, as a technology, can help transform CS operations and help assess the readiness and compatibility of AI-CS solutions within local banks in SA. From an organisational level, the TOE framework evaluates the factors that influence the adoption and impact of AI on banks, such as resource constraints, skills shortages and legacy systems, to name a few. South African banks are highly regulated and operate in an environment with a growing need for financial inclusion. From an environmental perspective, the TOE framework considers external pressures such as regulators, legislations and 29 policies, customer expectations and inter-bank competitiveness. All three features will be discussed chronologically. 2.3 Technological component of TOE affecting CS operations AI has the potential to transform cybersecurity and improve its efficiency and effectiveness. AI-based security software enables faster detection and response to CS threats. It automates repetitive tasks, freeing security professionals to concentrate on more intricate security-related tasks (Sontan, 2024). AI systems can filter through massive amounts of data and identify patterns that point to possible threats. The adoption and use of AI-powered systems in CS is expected to significantly increase globally. Markets and Markets predicts that the global market for AI in cybersecurity will increase from $8.8 billion in 2019 to $38.2 billion in 2026 (a 23.3 per cent increase) (Ibrahim, 2023). Organisations use AI to improve and strengthen their cyber defence systems against cyberattacks. AI benefits businesses that use it in their cyber defence operations. The advantages include automation, threat intelligence, and enhanced CS. AI-based CS tools are increasingly important for identifying and averting cyberattacks (Ibrahim, 2023). The growing use of online services has seen an increase in the frequency and sophistication of cyberattacks, resulting in an obsolescence of traditional CS solutions (Kaur, 2023). Networks and system complexity are increasing, and AI-powered cybersecurity solutions have become essential. The adoption and use of AI tools provide considerable advantages to organisations in assisting them in protecting their networks from cyberattacks (Jada, 2024). 30 2.3.1 The necessity of Cybersecurity In today’s rapidly advancing digital age, the CS landscape confronts unprecedented cyber threats. Traditional security measures, such as firewalls and intrusion detection systems, have fallen short in their advancement as they require manual processes and systems drastically slower than the automation and speed of data processing offered by AI software and solutions. The COVID-19 pandemic exacerbated the adoption and scaling of AI as businesses of all sizes shifted to an online presence and banks experienced a surge in activity to cater to customer needs and improve competitiveness. Simultaneously, this led to a surge in cybercrimes, which is predicted to reach $10.5 trillion in 2025 (Eian, 2020). To mitigate these losses, there is a poignant drive to improve AI-related resources and tools to improve banks' cyber defence. AI mimics and simulates human behaviour, resulting in the speed of automation beyond manual human capability and with profound benefits (Xu, 2021). The evolution of AI from Machine-Learning (ML) to Deep-Learning (DL) has minimised human error and effort. It has become an invaluable tool to the myriad forms of cyber-attacks banks face daily. How society functions has also rapidly changed. Customers would traditionally only go to a brick-and-mortar bank or telephonically discuss certain mandated matters, but today, all forms of banking can be performed online. Resultantly, cyber-attacks disrupt and target computer systems, networks and data, and stringent security measures exist along these triadic platforms (Salem, 2024). Tabulated below is a non-exhaustive list of cyberattacks: 31 Type of Attack Description Phishing Tricking individuals into divulging sensitive information such as login credentials and financial data by masquerading as trustworthy electronic communication (Forbes, 2024). Malware Malware/ ‘malicious software’ includes viruses, worms, trojans, and ransomware that are designed to damage or unauthorised access to computer systems and data (Forbes, 2024). DDoS Denial of Service (DoS)/Distributed Denial of Service (DDoS) attacks overwhelm a system's resources, making it unable to respond to legitimate service requests. DDoS attacks use multiple compromised computer systems as sources of attacks, exacerbating the scale and impact of assault (Forbes, 2024). MitM Man-in-the-Middle (Mitm) attacks that are invisible, intercept communication between two parties, resulting in theft, alterations or fabrication of messages, leading to data breaches and eavesdropping (Forbes, 2024). SQL Injection Exploits vulnerabilities in a database-driven website by injecting malicious SQL statements, resulting in access to sensitive data that can be tampered with and manipulated (Forbes, 2024). Zero-Day Exploit On the ‘zeroth’ day, a vendor becomes aware of a vulnerability. The attack exploits vulnerabilities before they can be addressed, exacerbating the ability to defend (Forbes, 2024). Ransomware A form of malware that encrypts a victim's files, making them inaccessible and holding the victim hostage until they pay for the decryption key (Forbes, 2024). XSS Cross-site Scripting (XSS) attacks third-party web resources to run scripts in the victim's web browser or app (Forbes, 2024). 32 APT Advanced Persistent Threats (APT) occur when an individual or group acquires unauthorised access to a network for an unnoticed period of time, resulting in the exportation of data (Forbes, 2024). BEC Business Email Compromise (BEC) attacks target employees with financial authority to trick them into sending money into the attacker's account (Forbes, 2024). Crypto-jacking Confidentially uses a victim's computing resources to mine cryptocurrency. Password Attacks Attempts to crack a user’s password and phishing for passwords. Hacking tools include Brute-Force, Rainbow Table, Credential Stuffing, Password Spraying and Keylogger attacks (Forbes, 2024). Insider Threat Individuals within an organisation who misuse the company’s systems and data. Botnet Attack A network of compromised computers controlled remotely by an attacker to coordinate malicious attacks (Forbes, 2024). Table 2.1: Types of Cyber-Attacks (non-exhaustive) “Intending to cause damage, unauthorized access, or service interruptions that cause severe data loss or financial damage and often lead to long-lasting consequences, these are the insider threats that represent a significant and growing segment of these attacks, usually committed by disgruntled or rogue employees who exploit their authorized access to steal data or cause harm. These threats can also emerge from intrusive applications that users accidentally install on their devices, allowing these apps to access and misuse sensitive information. Advanced behavioural anomaly detection and auto-resiliency mechanisms are being developed to combat these 33 threats by proactively identifying and mitigating malicious actions at both the employee and application levels.” (Salem, et al, 2024, p.4). Irrespective of the nature of the attacks, AI can learn from data, compute, process and defend against threats and attacks, enabling the protection of infrastructure, software and data. The benefits of integrating AI with CS include improved decision-making due to concise quantitative data being easily accessible, enhanced detection of network intrusions, overall management of cyberattacks, and its impact on systems and software. This evolution, which allows for real-time detection and response, has significantly reduced the ‘false positives’ rate, which is common in traditional models of CS. ML and DL have enabled predictive analysis to be made of datasets and to identify potential vulnerabilities before they are exploited. This has enabled a preventative, proactive approach, as opposed to a reactive one (Welukar, 2021). For example, phishing attacks have become increasingly sophisticated, and traditional methods of detection have been unable to identify and prevent them effectively. Conventional methods relied on blacklists, heuristics, and content analysis but attackers are now using AI and social engineering resulting in convincing phishing emails that easily evade traditional detection methods (Eze C. S., 2024). The three main types of AI in CS that will be explored are ML, DL and Metaheuristic Algorithms (MA). 2.3.2 AI CS Anthropomorphism AI integrates vast quantities of data with fast, iterative processing and sophisticated algorithms. This allows the software to acquire knowledge automatically by analysing 34 patterns or characteristics in the data. AI is a discipline within computer science that spans several domains, such as ML, DL, data analytics, languages, and software engineering (Shrivastava, 2024). These fields frequently entail the creation of AI algorithms that mimic the decision-making mechanisms of the human brain. These algorithms can learn and remember information from available data, resulting in more accurate categorisation (Shaveta, 2023). Vulnerability management and remediation of vulnerabilities in operating systems and applications have become increasingly difficult, with organisations struggling to manage the ever-increasing number of vulnerabilities due to traditional models (Kumar, 2023). AI assists banks in better managing and remediating vulnerabilities across their networks. AI-powered vulnerability management systems can scan networks proactively for potential vulnerabilities and can detect and classify network vulnerabilities (Rizvi, 2023). AI-driven incident response platforms utilise sophisticated algorithms, such as ML and natural language processing, to examine security alerts, rank incidents based on importance and carry out predetermined reaction steps independently. These platforms can process high numbers of real-time security alerts and make data-driven decisions to promptly and efficiently resolve security events (Sontan, 2024). Using AI-powered incident response systems reduces human error, and the speed at which incidents are responded to is improved. The organisation's overall security posture is improved as AI-powered incident response systems are more flexible and scalable. AI-powered incident response systems can also assist with anticipating and preventing future attacks and improve situational awareness and threat visibility (Rizvi, 2023). The first shift from traditional AI-related vulnerability management and remediation was to Machine Learning. 35 2.3.2.1 Machine learning ML empowers computers to solve and interpret issues without extensive programming. The learning methodology analyses past data, consolidates various algorithms, identifies them and demarcates them into categories/typologies, and performs tasks based on the desired outcome (Kuntla, 2021). The algorithms are tri- pronged (see Figure 2.1 below), and cluster data to defend against the attacks mentioned in Table 2.1 above: Figure 2.1: Types of Machine Learning ML architectures are broadly scoped and focus on identifying false data to censor outcome manipulation. They detect network anomalies and internally function like an immune system by defending against alien or foreign data and software. While ML was promising for its duration as the forerunner of AI in CS, its reliance on manual feature extraction lay too close to traditional modelling, which limited the 36 efficiency and accuracy of threat detection and became a limitation within CS. ML’s functionality is significantly dependent on the precision of feature extraction and recognition (Eswaran, 2023). This is extremely important as biometrics has become the access format of customers within banks. 2.3.2.2 Deep Learning Disruptions and growth of technologies within AI are almost always a result of shifts in the global/macro-operating environment. Akin to CS responding to threats in a reactive way, the development of AI has produced novel solutions reactively. The IoT, the explosion of network connectivity, positioned CS at the forefront of operations due to the large amounts of data that needed to be stored on the cloud. Malware and third- party cloud computing and data storage suppliers became the new target for cyber- attackers. Attackers would look at networks and malware points of vulnerability, and where ML had reached its zenith in protectionism. Herewith, DL presented an anthropomorphic response to the challenges, CS methodologies, and operations as a whole (Morovat, 2020). DL grew from some of the challenges of ML. It revolutionised the AI landscape by creating “Advanced neural networks that can process large amounts of data and learn from experience, mimicking human brain functions to recognize complex patterns” (Barik et al, 2022). It mimicked images, voices and behaviours and open pathways for changes in robotics, speech and facial recognition. In the sphere of CS, DL plays a critical role in detecting intrusions and monitoring for malware (Musa, 2024). It was propelled by advancements in preventing APT attacks by recognising different scales of attacks used in the most evasive tactics (Salem et al, 2024). As presented in Figure 37 2.2 below, the neural network has several layers, all highly complex and hidden in nature. These barriers prevent the breach of attacks, help systematise and categorise the attack type and configure and learn based on the inputs to adapt to the rampant and diverse types of attacks across all three malware platforms, network and data. Figure 2.1: Difference between Simple and Deep Learning Neural Networks Naturally, given that customers are providing access to their biometrics, there are stringent requirements for data protection, as loss of data could result in a customer’s breach of privacy and hackers and cyber thieves using the data to gain access to customers personal information resulting in identity theft, citizenship mimicking, bank account information and social media accesses. A significant and tight regulation is needed on this account. The necessity of CS was never more prudent. As the bank's CS teams improve their solutions and offerings, cyber thieves also use the latest AI to engage in criminal activity, creating a hostile environment, but also being the impetus for ongoing progress and development. The next type of AI comes in the form of MA. 2.3.2.3 Metaheuristic Algorithms MA addresses complicated problems that cannot be solved using standard processes. 38 MA are optimisation strategies inspired by animals' problem-solving activities and abilities in their natural habitats. The algorithms have shown remarkable optimisation- related success when applied. MA is delineated into four categories, namely evolution- based, swarm intelligence-based, physics-based, and human-related algorithms as shown below: Figure 2.2: Four Types of Metaheuristic Algorithms in CS operations MA is vital in improving the efficiency and accuracy of various detection learning by enhancing the learning as they expand the search space explored during model training, potentially uncovering superior solutions that traditional methods might miss. This is particularly beneficial in CS, where the landscape and attack patterns change rapidly. The advantages of MA in cyber-attack detection and defence include, according to Nordin et al (2021) in A comparative analysis of metaheuristic algorithms in fuzzy modelling for phishing attack detection, an improvement in optimisation, automation and speed.  Optimisation: MA’s are better at finding optimal solutions to complex problems that are otherwise too challenging for conventional methods; 39  Automation: By automating the tuning of detection parameters, the algorithms minimise the need for human intervention, making the detection process fast and reliable;  Speed: MA achieves faster convergence to effective solutions, essential in time- sensitive cybersecurity environments where threats must be quickly identified and mitigated. Collectively, these AI-based technologies address the challenges in CS more effectively than traditional methods. They do so by automating the detection and response processes and enhancing the speed and accuracy of threat detection. Understanding the mechanisms and operations behind these AI models offers more profound insights into their application, highlighting their critical role in developing more resilient cybersecurity systems. MA supports the robustness and adaptability of cyber-attack detection systems, making them more effective against various cyber threats. They ensure that detection systems are accurate and remain relevant as attack methods evolve. Interestingly, the results of AI were experienced similarly in Qatar's banking sector. In a study conducted by Al-Dosari et al (2022) it was revealed that AI is a crucial technology for enhancing the cybersecurity measures and posture of banks in Qatar. In another study done by Ibrahim and Hassan (2023) it was found that established businesses were using AI to boost their defences against new emerging threats. AI- powered technologies is rapidly changing cybersecurity, making it more effective and efficient. AI can utilize predictive modelling to proactively prevent threats, identify threats in advance and proactively prevent them by analysing previous attacks and by 40 identifying patterns. AI can quickly assess security risks and act on potential threats in real time (Rizvi, 2023). AI is now used for real-time threat detection and prevention, as it can continuously monitor network traffic and identify suspicious user behaviour through AI-powered behaviour and anomaly detection systems (Sontan, 2024). AI CS technologies can help enhance threat detection, vulnerability analysis, and incident response. 2.4 Organisational component of TOE affecting CS operations Every organisation, including banks, has certain goals and objectives to achieve year- on-year. In SA alone, the top-tier banks possess a healthy level of competition, which promotes the advancement of AI and digital tools and solutions. The banks have become the entry point and testing vehicle of anthropomorphic AI deployment. The influence of AI cuts across all sections of the bank, from the increase in productivity in legal departments due to AI storage, processing and data tools, to brick-and-mortar stores increasing the number of digital features in the stores to improve customer service. AI has infiltrated all parts of the bank as an ideology and way of operating. In this context, four points will be analysed: the interconnectivity of AI, third-party vendors, CS security personnel and the gig-economy. AI as a tool has a scalable feature. Depending on the nature of work to be completed, anything from data processing and storage can be performed, up to highly complex malware and Central Processing Units (CPUS). The scalability and interconnectivity of AI allow for a centralisation functionality that accords CS officers oversight over data, network, and malware intra-organisational protection (Ahmed et al., 2022). “Network protection using AI-driven network analysis systems (NAS) and network 41 protection systems (NPS) can guarantee the safety and availability of computer networks within an organisation, not just for a single computer but for an entire computer network system simultaneously.” (Xu, 2021). AI solutions can be adopted at any juncture within the life cycle, allowing for a complete interconnected solution. Each feature exists as a totalised, individual whole, while belonging to a bigger totalised centralised system (Raimundo, 2021). The usage of third-party vendors has necessitated the need for greater protection. While internal threats can be detected and managed, external threats from vendors has the ability of crippling the system. CS defence and protection must also extend beyond the parameters of the banks, including the vendors. The use of AI has an impact on the people supporting cybersecurity platforms. Due to its rapid growth, AI technology has created gaps by displacing the market’s knowledge and understanding of operational procedures. To stay employable and competitive in the field of CS, professionals need to learn about AI and gain expertise on AI-powered platforms continuously. Having the right people to implement and support AI-powered cybersecurity platforms in an organisation is critical. Additionally, and sub-tangentially, employee-training programs are essential, focusing on the significance of cybersecurity knowledge to deter phishing attempts and other forms of social engineering approaches (Andriu, 2023). In a study conducted by AL-Dosari et al. (2022) and Ibrahim and Hassan (2023) it was found that there is a lack of skilled employees who can deploy, and support AI-powered cybersecurity platforms. The gig- economy, the notion of a global citizen and the outsourcing of IT specialists were common practices between 2010 and 2020; the COVID-19 pandemic magnified the practice. While retaining key talent and finding the right people in person may be 42 challenging, remote working has allowed banks to rely on personnel in other countries for the experience and expertise in managing the systems and processes. Lastly, there is the looming concern of relevancy and machines replacing humans. Time-consuming and manual tasks are now being performed by AI, displacing human labour. There is an ongoing debate and thoughts of regulation to prevent the wholesale machine-replacing-man narrative, the results of which have massive macro socio- economic consequences. 2.5 Environmental component of TOE affecting CS operations AI collects and processes large volumes of data, and personal data usage in AI models is growing, which presents significant challenges to sensitive data protection. The data protection used by AI has become increasingly concerning (Sontan, 2024). Protecting this data is critical, as misuse or exposure can impact privacy and individuals’ rights. There is a mandatory need to protect AI privacy as a fundamental right. Organisations must address the associated privacy challenges and take steps to protect personal information. AI regulatory and ethical frameworks can guide to ensure the ethical and responsible use of AI (Ferrara, 2023). However, on par with international standards, there is no regulation on AI. Presently, there are only four Acts that enforce and protect customers' data in SA - the Protection of Personal Information Act (POPIA), the Copyright Act, the Patents Act, and the Competition Act. After coming to power in 2019, President Cyril Ramaphosa initiated commissions and steps to help regulate AI in the fintech industry, but no formal enforcement has been issued to date. Given the absence of standardized regulations for AI usage across 43 countries, prospective research can delve into diverse legal frameworks that effectively oversee the application of AI in cybersecurity within different nations. These studies can potentially mitigate the risk of malicious AI usage in organisations by contributing to the establishment of more comprehensive and effective regulatory measures. 2.6 Challenges to AI CS operations The challenges of AI in CS will follow the same format as TOE. 2.6.1 Technological Challenges Human error is the main factor contributing to CS breaches (Amoresano, 2023). Humans are considered the most vulnerable point in the cybersecurity system. Whether the human error is a decision-based error or an error in performing the task, whether that fault is intentional or not, or skill-related, the initial stage in establishing a highly secure cyber environment is by eliminating the possibility for human error. Automating CS tasks by leveraging AI minimises the requirement for human involvement and interaction, reducing potential human mistakes throughout the security lifecycle. What sometimes takes hours to do, AI can do effectively and efficiently in seconds (Jada, 2024). The use of AI still faces challenges, as there are harmful activities from telemetry that AI does not identify as threats. Adversarial actions targeting ML can manipulate ML training samples to influence the ML model’s accuracy (De Azambuja, 2023). These attacks aim to disrupt the sample data’s quality, undermining the model’s trustworthiness. The goal is to generate malicious behaviour that appears legitimate. 44 AI’s potential replacement of security analyst roles, normally responsible for detecting and responding to these events, is hindering its effectiveness, leading to uncertainty in the risk mitigation strategies of financial institutions like banks. Furthermore, the algorithms used by AI tools may raise concerns about their testing, potentially leading to bias and some threats not being detected (Ibrahim, 2023). Vulnerabilities and risks associated with AI platform implementations have grown in concern. The manipulation of training data, the initial design of the system, the lack of robustness in AI algorithms, and the abuse of implementation weaknesses all lead to vulnerabilities in AI (Villegas-Ch, 2023). These risks lead to adversarial attacks, unwanted biases, information leaks, and AI model manipulations. Implementing a robust security framework is necessary to mitigate these risks (Villegas-Ch, 2023). Hackers can exploit AI-based protection systems and evade the AI from detecting them. AI-driven attacks use neural fuzzing, allowing them to progress more rapidly than AI-powered protective tools. Neural fuzzing employs neural networks to detect vulnerabilities in AI-powered systems, which enables threat actors to acquire knowledge from existing AI-powered systems (Jada, 2024). Explainable AI (XAI) - knowing why and how algorithms make their decisions, is critical in CS, and current AI algorithms lack that transparency, which erodes and questions their trustworthiness (Tiwari, 2023). The matter is sometimes exacerbated by the intricate neural networks and DL algorithms, as they function in ways that are not easily comprehensible to humans. XAI allows security analysts to comprehend the reasoning behind AI-generated alerts, suggestions, or choices by revealing the inner workings of AI algorithms (Sontan, 2024). Considerable progress has been achieved in the domain 45 of XAI, as researchers have devised strategies and procedures to augment the transparency of AI systems (Tiwari, 2023). The deployment of AI in cybersecurity is challenging. According to Aggarwal (2023), AI systems require extensive data to function effectively, and processing such volumes can be resource intensive. The risk of false alarms can undermine user trust in AI systems, and delayed responses to threats may compromise system effectiveness. AI models trained on biased or unrepresentative datasets have the potential to acquire and magnify existing biases, resulting in outcomes that are unjust or discriminatory. (Ferrara, 2023). Training data biases can arise from historical inequities, cultural prejudices, or sample biases, leading to biased predictions or choices by AI systems that disproportionately affect specific groups or individuals. It is crucial to prioritise establishing impartial data and model development to advance equitable and ethical AI. Methods such as dataset augmentation, bias-aware algorithms, and user feedback can be used to address the issue of bias in AI (Ferrara, 2023). There is no one-size-fits-all solution like traditional firewalls, anti-virus or anti-malware software (Cucu, 2019). Each AI solution must be tailored to a specific organisation using organisational-specific internal and external data (Raimundo, 2021). This requires greater financial and manpower commitment, and greater hardware and infrastructure commitment to implement. Whilst traditional network security tools such as firewalls and anti-virus software are universal, they are seen today as border-based protection (Xu, 2021). AI-driven NASs have substituted these traditional network protection mechanisms as they are faster and more efficient (Aliyari, 2021). 46 2.6.2 Organisational Challenges The future of AI evolution involves tackling emerging threats, scalability, deployment challenges, and organisational readiness, including necessary training for cybersecurity professionals. One of the main obstacles to multi-lateral and multi-vertical adoption of AI is infrastructure and hardware requirements, as significant CPU and manpower are needed, skills which are currently not present in the industry (Dawson, 2021). Implementing AI requires a range of specialised professionals, such as data scientists, data analysts, AI experts, machine learning specialists, developers, cybersecurity specialists, and project managers, each with different levels of technical expertise. (Attaran, 2018). This bars the high costs required for once-off implementation and maintenance (Wilkins, 2018). Without the manpower and budget, pilot testing and implementation could take years across an organisation. This excludes the starting point of systems, some of which are legacy and require a complete technological overhaul. Another challenge lies in the compatibility issues caused by the continued use of outdated systems, programming languages, and overall technological infrastructure in many organisations. Legacy systems fails to adequately support the requirements of AI and ML technologies. For instance, the analysis of vast amounts of complex data, a critical step in successful AI and ML deployment, is hindered by the lack of scalability offered by legacy databases and obsolete systems. Implementing AI solutions in organisations is not a simple task, as it often necessitates a complete overhaul of the technological infrastructure (Arasada, 2021). 47 The literature consistently highlights a recurring theme of insufficient high-quality, error-free, clean data availability. AI solutions rely on extensive datasets for training models and achieving accurate results. As a result, obtaining a large quantity of data is essential for training AI models effectively (Sun, 2022). Implementing a cyber-AI solution necessitates a more complex organisational data management process due to the diverse volumes and types of data stored, the speed at which data is accumulated, the need to maintain data confidentiality, and the constant requirement for additional data (Raimundo, 2021). This aspect is particularly crucial because the intelligence of AI solutions relies solely on the quality of the datasets used to train the models. 2.6.3 Environmental Challenges There are no global, national, or industry-specific regulations to manage the enforcement of AI, let alone CS operations. The ethical and moral challenges lie with individuals and banks themselves in controlling data. The lack of regulation enables insider breaches and attacks for financial gain. 2.7 Defining Perception Theory Andrew Demuth in Perception Theories (2013) Analyses the consequences of higher cognitive processes and its link to perception. What is perception? Where is the origin point of perception? What informs what we perceive and how we process the information we perceive? Perception Theory walks the bridge between general and cognitive psychology and philosophical epistemology and prompts one to explore the episteme and ontology of perception. The notion of perception is important to this paper because the core question is to understand the perception of AI in CS operations. As witnessed in the literature above, AI is anthropomorphic, it has a 48 scalable feature and operates through a centralised system that can easily proliferate the essence, DNA and fabric of an organisation. It also has the propensity to alter the ethos of a department and organisation. The perception of the effect AI has on the technological resources, on the intra and inter-organisational dynamics for the promotion of growth and well-being, as well as paying heed to regulations to protect the integrity of data conferred by customers, is crucial. While AI is in vogue and at the forefront of the digital revolution, the underside of the belly is dark and dangerous. Thus, the perception of AI needs to be an ongoing question to purview the landscape and determine its success or lack thereof. Are the challenges of AI to CS outweighing the benefits, and is there a non-AI solution? Are banks getting carried away by the current of AI? What is the social impact due to a mammoth disparity between AI-user organisations and non-AI user organisations? Is the continuous implementation of new AI features necessary? Does AI truly support CS operations or make operations more challenging to manage? Perception Theory will provide a frame of reference for exploring the mapping of how to answer these cutting-edge questions. The weightiest question in Perception studies is ‘What is the source of our cognition?’ The perspective is bifurcated into internalists, who propound a top-down approach and externalists, who espouse a bottom-up approach (Demuth, 2013). The former school and body of thought proclaim that knowledge, its sources and principles can be found within the subject itself, and cognition is but a mere discovery of a priori pieces of knowledge. The internalists are championed by Descartes and Plato, who believe that knowledge is about the collection of already acquired contents. All knowledge is pre- existing and present; our perception and cognition bring realisation to what is (for example, the source of MA is nature). The second school looks at cognition through 49 an external sense, that being – experience. The externalists asserts that the mind is a blank sheet of paper (tabula rasa), and an external reality prints all knowledge. The externalists adopt a phenomenological stance in that they view cognition as a composition of social constructs created by personal, familial, cultural and socio- economic conditions, and the on-going overlaying of experiences constantly alters one’s perception of their environment and world (Demuth, 2013, p. 15). Perception is the rationalisation of one’s personal experiences. Figure 2.3: Difference between Internalists and Externalists A question confronting authors and supporters of both schools asks the next question of how one can explain the awareness of a new reality in our consciousness. How does consciousness/the mind meet the world? The point that both schools agree on is the trustworthiness. The trustworthiness of a statement is maintained by the trustworthiness of the source/authority that postulates it (akin to a non-manipulative subject-matter expert). As Descartes articulated, ‘we must verify the knowledge principles themselves.’ The verification of testimonies takes three forms (Demuth, 2013): 50 1. I verify data myself, but it may not be possible when one needs to test the data using an instrument. For example, using a microscope as opposed to optical vision can alter or skew information 2. Testing the testimonies by mutual confrontation – Populus data testing on a large target sample. If most people share the same sentiment, it must be correct. However, the majority is not always correct 3. Critically reassess the reliability and competence of each witness and their testimonies—In the judicial system, the verdict of the witnesses is important based on the background and sanctity of their truthfulness. This is tested by assessing how a sample witness arrives at his own testimony by verifying what he has already seen (his perception). Point three satisfies the paradox of one and two. Thus the synthesis of the internalist view (all knowledge is already pre-existing it is only rationalisation and awareness to it that is required) and the externalists view (one’s perception is based on personal experience and to each individual that will differ based on the matrix of social constructs he operates from) is a collective acknowledgement from a large body of people who all have experience on a subject matter and can verify data based on their own internal and external sense of perception. Now that the horizontal paradigm has been established, the vertical paradigm will examine the top-down and bottom-up approaches to perception. 51 2.7.2 Cognition, Science and Perception Flow Philosophers were the first to explore perception. As centuries passed and the Scientific Revolution took hold, there was a need to methodologically test every idea and perception to assess if it fell within reality. Philosophy provided the fodder for the inquisitive nature of science. “Philosophy enriched science not only via concepts and ideas, but also through distinctive methodology and ways of thinking. As good examples, we can mention the introspective method, the phenomenological reduction, and the description of phenomenological experience.” (Demuth, 2013, p. 20). According to the direction of data acquisition and processing, information can be positioned into a ‘top-up’ or ‘bottom-down’ approach. On the one hand, the bottom-up approach (herewith the neurological-cognitive stance will not be looked at) views data from a distance first and, upon closer inspection and engagement, can see and experience the complexity of processes. On the other hand, the vantage point for the top-down approach (again, the neurological-cognitive stance will not be looked at) is feeling. There is an inner sight and inner feeling about a subject matter that probes the exploration into determining action. It is top-down because the feeling appears as a thought in the mind and trickles into bodily action via the exploratory process. The essence of the top-down approach is tied to the view that one needs to have knowledge and experience in a field to help organise the cognitive contents (Demuth, 2013, p. 23). 52 Figure 2.4: Difference between PT’s Top-down Bottom-up Approach The internalist-externalist view and top-down bottom-up perspectives are significantly richer and detailed. While this paper wishes to explore the exactaties of the ethos on a grander scale due to constraints, the door will be left open for future explorations and determinations. In what follows is the adaptation of Perception Studies to AI and CS. 2.8 AI-CS and PT – A Synthesis The author's personal experience will act as the basis of the investigative eye in this synthesis/processing juncture, with its zenith being explored in semi-structured interviews and presented in the findings (Chapter 4). From the outset, there is an already systematic placement of the subject on both the internalist and externalist spectrum. Regarding the former, the author/researcher/subject has a priori experience in CS operations in the banking 53 sector and has first-hand experience in witnessing the evolution of AI tools and software from traditional firewall and malware tools to AAI and GenAI in the CS realm. The questioning of efficacy emerges from the ongoing exposure to the dynamics and effects of AI in CS. Positioned on the tabula rasa part of the externalists' view, the experience and almost AI-saturation in CS operations warranted the questioning of ‘what else’ and ‘what next’. Apart from the anthropomorphic nature of AI, which is in the infant stage of its revolution, what other technological pursuits can be created, gauged and utilised to prevent an AI burn-out that has deep-seated ramifications for organisations and society as a whole given the lack of regulation in the industry? However, there is a leaning towards the externalists' position given the basis of perception questioning that emerged from tenure and experience in the industry. Figure 2.5: Locating the subject on Perception Theory's Quadrants Perception according to the horizontal paradigm is that experience within AI is a critical necessity when deciding what features to implement or not implement. The resources – personnel, infrastructure, and financial - are all needed to create a supporting 54 environment for AI implementation, without which the system has a way of failing the organisation. This is specific to CS operations within SA banks and broadly applicable. Across the vertical axis of bottom-up and top-down, the author/researcher/subject aligned predominantly towards the top-down approach as the genesis of the thought- piece is the semi-mal-adaptation of AI in CS due to organisational pressures. Interestingly, the proximity to aligning with the top-down approach emerged from the bottom-up perspective. An analogy will be used: in the bottom-up perspective, a subject views an object from a distance, and with closer and closer engagement, the nuances and complexities can be seen and experienced (Demuth, 2013). The example used will be that of an apple. An apple, based on the outside covering, can be understood based on form, colour and size. Its texture can be gauged through touch. However, to the onlooker, the contents of the inside of the apple are unknown. The subject can bite into the apple and taste it, a step closer to understanding the apple – the taste, the texture, the juice, and so forth- but still, the contents are unknown to him. Upon the slicing the apple in half, the subject sees the core and the penultimation in the experience is the realisation that the apple's seed contains many apple trees. The researcher’s engagement with AI and CS affords him the trustworthiness, credibility and validity. Secondly, the vertical and horizontal axes are currently seen as static. To make them dynamic, they are viewed in 3D. This 3d form and credibility of perception of AI improving the efficacy of CS operations is tested by taking a subset of personnel, like the researcher, and testing their perception. As discussed in Chapter 3, 12 samples with varying levels of experience (2-28 years) were used in semi-structured interviews 55 to gauge their perception, sentiment and outlook of the efficacy of AI in CS operations in banks in SA. The articulation of the totality of the impetus and sentiment of the paper related to the ongoing effectiveness of AI in CS operations in SA banks can be experienced in the following quotation: “Where in the world is a metaphysical subject to be found? You say here it is just as with the eye and the field of vision. But you do not really see the eye. And nothing in the field of vision allows the conclusion that it is seen by an eye.” - Ludwig Witgenstein, Tractatus Logico–philosophicus, sentence 5.633 (2010). 2.9 Literature Review Findings Viz Research Questions Research Question1: To what extent can artificial intelligence serve as an effective solution for eradicating and preventing cybercrime within the South African banking sector? From the literature, AI is not seen as a turn-key solution and is not viewed and used to eradicate cybercrime wholly. It is a mitigatory, reactive response that is anthropomorphic , and as new threats and attacks arise from complex, sophisticated attackers and software, the CS teams are in a position of response. The use of AI is to advance the banks position, and defence strategies are developed based on the views of potential threats and when threats and attacks occur in real-time. Research Question 2: What are the factors that contribute to the decrease of the CS staff complement in banks to improve ‘organisational effectiveness’? There is an overwhelming perception that the introduction of AI results in an almost immediate lay- off of staff, be it within or outside of CS teams. 56 Research Question 3: What evaluation criteria or assessment frameworks are employed by banks to assess the effectiveness of AI-CS capabilities in reducing cybercrime through preventative measures? The body of literature is exceptionally thin and infantile in nature on CS operations and AI and CS. A lexicon has just been created, and most studies (academic and technical) do not cover internal assessment matrices, banks, and organisations are using vis-à-vis to defend software and tools to monitor output. Presently no template/dashboard exists that is publicly available. This is not to say internal CS operating teams do not have one, but based on the available literature, none exists as AI tools are custom and augmented to a team’s needs and scale requirements. 2.10 Conclusion The TOE framework and Perception Theories created a scaffolding to identify and critically assess the body of literature of AI in CS operations in South African banks. Based on the analysis thus far, the approach and findings were both novel. Firstly, through the TOE framework, it was revealed that AI is generally viewed as a single solution that can either be integrated and adapted or not, and that the latest solution is the correct solution, precisely because of the perception that the latest update and upgrade is the best. However, the anthropomorphic nature of AI revealed that, according to an organisation’s needs, certain elements, features and infrastructures can be used and others not utilised at all. A legal firm may need simple protections and not the full GenAI feature. The Organisational modality revealed the lack of expert personnel resources needed to manage the system, and the scope for human error is 57 large; therefore, the quality of CS officers is of utmost importance. The environmental component revealed that the speed and velocity of the absorption of AI in SA banks far supersedes the time it takes to pass regulation. This places banks and CS officers at the helm of safeguarding and defending highly personal data of millions of individuals. The amount of power banks has accrued is becoming unprecedented and borderline dangerous. Via the literary discourse, it became clear that once an organisation starts on the path to advanced AI features, there is a point of no return. This, to a degree struck off and negated the notion that perception even counts, for once on the single road path, one must stay on it till the end. Secondly, through the analysis of Perception Theories and locating where and how perception forms, the process and outcome was one of empowerment. It located the author/researcher/subject as the focal point of the analysis, given his tenure and experience of working with AI in CS operations within South African banks, and positioned him on the quadrant of ‘externalist-top-down’. This view becomes a point of empowerment for the questioning of efficacy of AI in CS operations itself will prevent a herd-mentality of ongoing AI absorption and implementation, and place cognitive checks and balances in place before future AI uptake. 58 Chapter 3: Research Methodology 3.1 Introduction The purpose of this research is to explore the impact AI has on improving the operational efficiency of cybersecurity in banks. While adopting and implementing AI across banks is rampant, does AI actually decrease the CS team’s workload and, based on machine-based learning and predictability, engage in smart learning to prevent attacks, or is it merely a tool/resource for responding to threats? Two things are occurring concurrently. Firstly, there is not a large body of literature focused on the impact of AI in CS, enabling this research to fill the gap and guide potential users in deciding whether AI benefits them. Secondly, given the devastating impact leaked information could have on institutions, no prevalent data is existing that banks and other financial institutions are willing to readily share severely limiting the knowledge base of the true impact of AI and AAI on CS operations. Knowledge of AI and CS, both in operating and academic circles, is both slim and infantile in nature. Given the highly specialized nature of roles of CS officers and any operating tools being public knowledge, it will give fodder to cyber criminals hence the data available is scarce. To mitigate this challenge a qualitative approach was adopted. A qualitative approach guided by interpretivism as the research philosophy and the adoption of the Phenomenological Approach, combined with the researchers’ personal experience, allowed for highly applicable questions and ease of questioning to security officers in banks in SA. A sample of 12 participants were interviewed sequentially, allowing for healthy engagement and dialogue and creating space for nuanced 59 information to flow. Given the very thin body of literature on the subject matter, the findings of the analysis will inform the creation of a new model/theory that CS officers across sectors can use as a litmus test and an implementation framework to ascertain if AI is the most viable solution for their platforms and goals. The process is mapped below: Figure 3.1: Map of Research Methodology 3.2 Research Philosophy In a study by Kingsley Ofosu-Ampong (2024), he scoped the exact amount of literature available in academic and financial services domains concerning data on AI. Of the content published and produced over three years (2020-2023), only 14 per cent was qualitative. By adopting a qualitative approach, the paper will contribute significantly to the infantile nature of the topic itself and drastically aid in the body of literature and nature of findings in both academic and digital circles. Apart from the novel nature of the topic and given the key limitation of privacy of data to conduct a quantitative study, the author has strategically adopted a qualitative approach. 60 A qualitative approach aims to facilitate the acquisition of understanding through the experiences of others. Qualitative research designs possess several important qualities. These include a focus on comprehending meaning, utilising non-numerical data, employing inductive analysis, including subjectivity, utilising small sample sizes, maintaining flexibility, gathering rich and thorough data, and placing emphasis on context (Sharma, 2023). This method was selected as the research investigates the perceived impact of AI on cybersecurity operations in the South African banking sector. According to Ghafar (2024), qualitative research data offers several advantages: It is a detailed and comprehensive description of the participants ideas, beliefs, and experiences; It most accurately represents the human experience within specific circumstances; It provides various viewpoints, research methodologies, and tools to understand an individual’s experiences and; It gives an accurate and thorough assessment of a subject because they enable participants to ascertain which study aspects hold the highest significance for them. Interpretivism is the research philosophy adopted to answer the qualitative paradigm's core and subsidiary research questions. Four main research philosophies exist: positivism, interpretivism, critical realism and pragmatism. Interpretivism was the most appropriate given that the research methodology is qualitative, with the main approach being semi-structured interviews for a particular target and sample group (Jain, 2023). The results are naturally subjective in nature but given the infantile schematic of qualitative data on AI in general and AAI-come-CS, a qualitative view will offer an ontological view that a purely positivistic approach would be unable to generate. Interpretivism recognises that 61 “humans are different from physical phenomena because they create meaning” (Saunders, 2023, p. 150) and that reality is a navigatory matrix composed of the intersections of social constructs, the outcomes of which shape experiences, perceptions and interactions. By adopting interpretivism, which is inductive, the study explored the true lived experience of people with knowledge of specific phenomena. It uncovered the dynamic layers that not only constitute perceptions of AI and CS but also promote healthy cognition towards the approaches taken to the betterment of roles and resources. The aim was not to blanket participants' responses but to understand the rationale and perception behind the participant's interactions and engagements with AI, given their roles in CS. 3.3 Research Assumptions The ontological nature underlying interpretivism navigates the intersectionality of constructs and the outcomes produced because of. The nature of semi-structured interviews combined with the authors personal experience with AAI in CS enabled a healthy dialogue that unpacked the nuances of how the theological nature of AI is embedded into the ethos of banks, as well as AI being multifaceted in nature and a blanket answer to its perception and efficacy will not do justice to its impact in protection and digital development. As will be seen, depending on one's tenure within AI and one’s roles within CS, the outlooks of the participants have a natural similarity and natural variance. Interestingly, the outcomes tallied with the AI themes of Ampong (2024); that is, AI and AAI fall into 62 the typologies of technological issues, contextual knowledge co-creation issues, conceptualisation, and domains and applications. The typologies correspond with the interpretative, exploratory nature of the study, which recognises that AI in CS will have multiple constructs. However, the constructs exist within a system, and the nature of all ecosystems is the natural development of an order and hierarchy, which also has an unpredictive angle. The simultaneous interplay of agency within structure guided the qualitative approach and design. 3.4 Research Design There is a plethora of qualitative research designs, each with its unique characteristics and purposes. According to Among (2024), there are presently no frameworks on CS and AI and AAI given the generic nature of AI as well as the scant data produced on AAI and CS (There are general qualitative and quantitative AI frameworks such as TAM; Fuzzy logic; Self-determination Theory; Critical Theory and Antromorphism Theory, but they are not fully applicable to CS). As such, a phenomenological research design will be utilised. According to Jain (2023, p. 3) phenomenological research “Aims to understand the essence and meaning of human experiences related to a particular phenomenon. Researchers explore participants’ subjective experiences through in-depth interviews or observations to uncover the underlying structures and patterns of their lived experiences.” This approach successfully marries with the exploratory interpretive guiding philosophy. Data was gathered via comprehensive semi-structured interviews with individuals who are experiencing the phen