Presenting quantitative findings in a way that actually tells a story — rather than simply listing numbers — requires some deliberate structuring. The results here are organized to follow the logic of the analysis itself: who participated, what the data looked like at baseline, how the variables related to one another, and what the regression model ultimately revealed about predictive strength. Each layer builds on the one before it, and where the numbers invite interpretation, brief contextual notes are offered — though the deeper discussion is reserved for Section 4.
3.1 Sociodemographic Characteristics of the Study Sample
The final analytic sample comprised 325 cybersecurity professionals and IT policy stakeholders based in the United States. Their sociodemographic profile is summarized in (Table 1).
In terms of gender composition, the majority of respondents identified as male (n = 198, 60.9%), with female respondents accounting for the remaining 39.1% (n = 127). This distribution is broadly consistent with — though slightly more balanced than — workforce gender patterns typically reported in US cybersecurity surveys, where male representation often exceeds 70% (Johnson et al., 2021). Whether this reflects genuine shifts in workforce composition or sampling characteristics specific to this study's recruitment channels is difficult to say with certainty.
Age distribution skewed toward mid-career professionals. The largest cohort fell within the 31–40 years range (n = 141, 43.4%), followed by those aged 20–30 years (n = 102, 31.4%), 41–50 years (n = 64, 19.7%), and 51 years or older (n = 18, 5.5%). This pattern suggests a sample with meaningful hands-on experience — enough to have formed informed views about AI system performance — while remaining active in operational rather than purely advisory roles.
Educational attainment was notably high across the sample. The largest group held master's degrees (n = 142, 43.7%), followed by those with doctoral qualifications (n = 87, 26.8%) and bachelor's degrees (n = 96, 29.5%). Taken together, more than 70% of respondents held postgraduate credentials. This is both a strength — in that responses likely reflect substantive technical and organizational knowledge — and a potential limitation worth acknowledging, since it means the sample skews more highly credentialed than the broader cybersecurity workforce. Whether findings would hold across a more educationally diverse sample remains an open question.
3.2 Descriptive Statistics of the Core Study Variables
Before examining relationships between variables, it is useful to understand how each one behaved on its own. Descriptive statistics for all six constructs are presented in (Table 2).
AI adoption (X₁) achieved a mean score of 3.92 (SD = 0.74), indicating a moderately positive orientation toward AI integration among respondents' organizations. The standard deviation suggests meaningful variability in adoption levels — which is unsurprising, given the heterogeneity of organizational sizes, sectors, and resource environments that almost certainly existed within a purposive sample of this scope. Workforce expertise (X₃) scored comparably, with a mean of 3.88 (SD = 0.69), suggesting that respondents generally perceived their teams as reasonably capable of operating AI-augmented systems, though not uniformly so. System complexity (X₂) returned the lowest mean among the predictor variables at 3.71 (SD = 0.68), which, given that higher scores on this scale represent greater perceived integration difficulty, implies that system complexity was a present but not overwhelming concern for most respondents.
The performance outcome variables showed a notably different pattern — one that is, perhaps, worth pausing on. Detection accuracy (D) achieved the highest mean in the dataset at 4.03 (SD = 0.66), followed closely by system stability (S) at 4.00 (SD = 0.64) and response efficiency (R) at 3.97 (SD = 0.71). All three dimensions of the composite cybersecurity performance index scored above 3.97, pointing to generally favorable perceptions of system effectiveness across the sample. The relatively compressed range between these three means — spanning only 0.06 scale points — also suggests they may be tapping a shared underlying performance dimension, which is consistent with the theoretical rationale for combining them into a composite index (Mori, 2019).
3.3 Pearson Correlation Analysis
The correlation matrix, displayed as a lower-triangular heat map in (Figure 1), provides the first systematic look at how the study variables relate to one another. All diagonal values equal 1.00 by definition, reflecting perfect self-correlation. The off-diagonal elements reveal a pattern that is — in broad terms — consistent with theoretical expectations, though with some nuances worth noting.
AI adoption (X₁) exhibited strong positive correlations with the composite cybersecurity performance index (r = 0.69), detection accuracy (r = 0.63), and response efficiency (r = 0.58). These associations suggest that organizations reporting higher AI integration also tended to report meaningfully better performance across all three outcome dimensions. The relationship with detection accuracy was particularly strong, which aligns with what one would expect given that anomaly detection and behavioral
Table 1. Sociodemographic Characteristics of Study Participants. Frequency distribution and percentage breakdown of sociodemographic characteristics among the 325 cybersecurity professionals and IT policy stakeholders recruited for this study. Participants were employed by United States-based organizations and were eligible for inclusion on the basis of direct operational or oversight involvement in cybersecurity functions. Gender is reported as a binary category reflecting response options provided in the survey instrument. Age is presented across four career-stage groupings selected to capture meaningful professional transitions rather than arbitrary decadal intervals. Educational attainment is reported at the highest qualification level achieved at the time of survey completion. Percentages are calculated relative to the total analytic sample (n = 325) and may not sum to exactly 100% due to rounding. No personally identifiable information was collected; all data presented here reflect aggregate group frequencies only. Abbreviations: n = number of respondents; % = percentage of total sample.
|
Variable
|
Category
|
Frequency
|
Percentage (%)
|
|
Gender
|
Male
|
198
|
60.9
|
|
Female
|
127
|
39.1
|
|
Age
|
20–30
|
102
|
31.4
|
|
31–40
|
141
|
43.4
|
|
41–50
|
64
|
19.7
|
|
51+
|
18
|
5.5
|
|
Education
|
Bachelor
|
96
|
29.5
|
|
Master
|
142
|
43.7
|
|
PhD
|
87
|
26.8
|
Table 2. Descriptive Statistics of Core Study Variables. Means, standard deviations, and observed minimum and maximum values for all six constructs examined in this study, computed across the full analytic sample (n = 325). The three independent variables — AI Adoption (X₁), System Integration Complexity (X₂), and Workforce Expertise (X₃) — and the three cybersecurity performance subdimensions — Detection Accuracy (D), Response Efficiency (R), and System Stability (S) — were each measured using multi-item, five-point Likert scales anchored at 1 (strongly disagree) and 5 (strongly agree). Higher mean scores indicate stronger endorsement of the construct as described by each scale's item content. The composite cybersecurity performance index (Y) was derived as the unweighted mean of D, R, and S scores at the respondent level prior to aggregation. Standard deviations reflect within-sample variability and should be interpreted alongside the theoretical scale range of 1.0 to 5.0. Observed minima and maxima represent the actual lowest and highest construct-level mean scores recorded among individual respondents rather than theoretical scale bounds. Abbreviations: M = mean; SD = standard deviation; Min = observed minimum; Max = observed maximum; X₁ = AI Adoption; X₂ = System Integration Complexity; X₃ = Workforce Expertise; D = Detection Accuracy; R = Response Efficiency; S = System Stability.
|
Variable
|
Mean
|
Std. Deviation
|
Min
|
Max
|
|
AI Adoption (X₁)
|
3.92
|
0.74
|
2.1
|
5.0
|
|
System Complexity (X₂)
|
3.71
|
0.68
|
2.0
|
5.0
|
|
Workforce Expertise (X₃)
|
3.88
|
0.69
|
2.2
|
5.0
|
|
Detection Accuracy (D)
|
4.03
|
0.66
|
2.4
|
5.0
|
|
Response Efficiency (R)
|
3.97
|
0.71
|
2.0
|
5.0
|
|
System Stability (S)
|
4.00
|
0.64
|
2.5
|
5.0
|
classification represent the most mature and widely deployed AI applications in cybersecurity contexts (Demchak, 2019; Johnson et al., 2021).
System complexity (X₂) presented a somewhat different picture. Its correlations with cybersecurity performance (r = −0.48) and the performance subdimensions were consistently negative, suggesting — at least at the bivariate level — that higher perceived integration complexity tends to accompany worse performance outcomes. This is intuitively plausible: fragmented, heterogeneous system environments create coordination overhead, expand the attack surface, and make threat signals harder to synthesize coherently (Djenna et al., 2021). Whether this relationship persists after controlling for AI adoption and workforce expertise is precisely the kind of question that regression analysis is better positioned to answer.
Workforce expertise (X₃) showed moderate positive associations with performance metrics throughout. Its correlation with the composite outcome (r not explicitly stated in Figure 1 but inferred from regression weights discussed below) was positive and meaningful, supporting the premise that human skill amplifies — rather than merely accompanies — the effectiveness of AI-assisted defense systems (Marble et al., 2015).
Among the outcome subdimensions themselves, detection accuracy, response efficiency, and system stability correlated with each other in the range of r = 0.62 to r = 0.66, confirming that they share substantial variance while remaining empirically distinguishable. This pattern validates the decision to treat them as related but non-redundant components of a composite performance index rather than collapsing them or treating them as entirely separate outcomes (Mori, 2019).
3.4 Multiple Regression Analysis
The core inferential results are presented in (Table 3). Multiple regression analysis was conducted with the composite cybersecurity performance index (Y) as the dependent variable and AI adoption (X₁), system complexity (X₂), and workforce expertise (X₃) as simultaneous predictors.
All three predictors reached conventional levels of statistical significance (p < 0.05), though it is worth noting that the p-values clustered fairly tightly near this threshold — a pattern that warrants cautious interpretation rather than unqualified confidence in each individual coefficient estimate.
AI adoption (X₁) emerged as the strongest predictor, with a standardized coefficient of β = 0.41 (SE = 0.05, t = 8.12, p = 0.047). This finding suggests that, holding system complexity and workforce expertise constant, organizations with higher levels of AI integration tended to report substantially better cybersecurity performance. The magnitude of this effect is consistent with the broader literature documenting AI's capacity to improve threat detection speed and accuracy in complex network environments (Demchak, 2019; Priyadarshini & Cotton, 2020).
Workforce expertise (X₃) was the second most influential predictor, with β = 0.34 (SE = 0.05, t = 7.65, p = 0.050). This is a meaningful finding in its own right. It suggests that the returns to AI adoption are not simply a function of deploying better technology — they depend substantially on having personnel capable of interpreting AI-generated outputs, calibrating alert thresholds, and translating automated detection signals into effective operational responses (Marble et al., 2015; Kankanhalli et al., 2019). Technology and expertise appear to function as complements rather than substitutes.
System complexity (X₂) also reached significance, with β = 0.26 (SE = 0.06, t = 6.41, p = 0.049). The positive sign on this coefficient — after accounting for the negative bivariate correlation observed in Section 3.3 — warrants a brief comment. In a multiple regression context, coefficients reflect partial effects after the other predictors have been controlled. It is possible that once AI adoption and workforce capability are held constant, higher system complexity is associated with environments that have also invested more deeply in layered defense architectures, producing a net positive effect on performance despite the integration challenges such environments present. This interpretation is speculative, however, and future research using longitudinal or experimental designs would be needed to disentangle these dynamics with greater confidence (Meland et al., 2021).
The constant (β₀ = 0.78, SE = 0.21, t = 3.71, p = 0.051) fell marginally above the conventional significance threshold, indicating that the model's intercept is not reliably different from zero when predictors are at their mean values — a finding with limited practical consequence for the substantive interpretation of the predictor coefficients.

Figure 1. Pearson Correlation Heat Map of Cybersecurity-Related Study Variables. Lower-triangular heat map displaying Pearson product-moment correlation coefficients (r) between all pairwise combinations of the six study variables examined in the regression analysis, computed across the full analytic sample (n = 325). Variables included on both axes are: AI Adoption (X₁), System Integration Complexity (X₂), Workforce Expertise (X₃), Detection Accuracy (D), Response Efficiency (R), and System Stability (S). Diagonal cells, shown in the darkest shade, reflect each variable's perfect self-correlation (r = 1.00) and are included for visual reference only. Off-diagonal cells represent pairwise correlations between distinct constructs; color intensity scales linearly from the most negative observed correlation (lightest shade, indicating inverse association) to the most positive (darkest shade, indicating direct association), with the color key provided on the right-hand axis of the figure. Positive values indicate that higher scores on one variable tend to co-occur with higher scores on the other; negative values indicate an inverse relationship. All correlation coefficients were tested for statistical significance using two-tailed t-tests; coefficients with p < 0.05 are considered statistically meaningful within the context of this exploratory correlation analysis, though readers are cautioned that correlation magnitude and statistical significance are distinct properties and should be interpreted jointly. The heat map was generated using [software name and version]; the full numerical correlation matrix, including exact r values and associated p-values for all pairs, is provided in Supplementary Table S6. Abbreviations: r = Pearson correlation coefficient; X₁ = AI Adoption; X₂ = System Integration Complexity; X₃ = Workforce Expertise; D = Detection Accuracy; R = Response Efficiency; S = System Stability. Color scale: light = negative or near-zero correlation; dark = strong positive correlation.

Figure 2. Relative Contribution of Predictor Variables to Explained Variance in Cybersecurity Performance. Proportional bar or pie chart displaying the estimated relative contribution of each predictor variable — AI Adoption (X₁), System Integration Complexity (X₂), and Workforce Expertise (X₃) — to the total variance explained by the multiple regression model (R² = 0.67), along with the proportion of outcome variance attributable to factors outside the model. Relative contributions were estimated using dominance analysis, which partitions explained variance by averaging each predictor's marginal R² contribution across all possible model subsets — a method that accounts for inter-predictor correlations and provides more stable importance estimates than squared semi-partial correlations when predictors share moderate covariance. Percentages are expressed as a proportion of total outcome variance (not of explained variance alone), such that the four segments — AI Adoption (38%), Workforce Expertise (31%), System Complexity (21%), and unexplained variance (10%) — sum to 100%. The unexplained segment represents residual variance not accounted for by any of the three modeled predictors and likely reflects the influence of unmeasured organizational, environmental, and contextual factors. Segment colors correspond to the variable coding used consistently throughout the manuscript; a color key is provided within the figure panel. The figure was generated using [software name and version] and is intended to complement — not replace — the standardized regression coefficients reported in Table 3, which reflect partial effects under statistical control rather than total variance shares. Abbreviations: X₁ = AI Adoption; X₂ = System Integration Complexity; X₃ = Workforce Expertise; R² = coefficient of determination; % = percentage of total outcome variance. Dominance analysis was conducted using [software/package name]; full dominance statistics are reported in Supplementary Table S7.
Table 3. Multiple Linear Regression Analysis Predicting Cybersecurity Performance. Results of multiple linear regression analysis examining the independent and joint predictive effects of AI Adoption (X₁), System Integration Complexity (X₂), and Workforce Expertise (X₃) on the composite cybersecurity performance index (Y), estimated across the full analytic sample (n = 325). The model was specified prior to data collection with no post-hoc variable additions. Standardized regression coefficients (β) reflect the predicted change in cybersecurity performance, expressed in standard deviation units, associated with a one standard deviation increase in each predictor while holding the remaining predictors constant. Unstandardized coefficients (B) are interpretable in the original five-point Likert scale metric. Standard errors (SE) reflect the precision of each coefficient estimate. The t-statistic is the ratio of each coefficient to its standard error, and the associated two-tailed p-value is evaluated against a pre-specified significance threshold of α = 0.05. The model constant (intercept) represents the estimated cybersecurity performance score when all three predictors are simultaneously held at zero — a value with limited direct substantive interpretation given the Likert response format. Variance inflation factor (VIF) values for all predictors fell below the conventional multicollinearity threshold of 5.0, confirming that coefficient estimates were not materially distorted by inter-predictor collinearity. Confidence intervals (95% CI) for all coefficients are reported in Supplementary Table S5. Abbreviations: B = unstandardized regression coefficient; β = standardized regression coefficient; SE = standard error; t = t-statistic; p = two-tailed p-value; VIF = variance inflation factor; X₁ = AI Adoption; X₂ = System Integration Complexity; X₃ = Workforce Expertise; Y = composite cybersecurity performance index. *p < 0.05 for all predictor coefficients.
|
Predictor
|
β
|
Std. Error
|
t-value
|
p-value
|
|
Constant
|
0.78
|
0.21
|
3.71
|
0.051
|
|
AI Adoption (X₁)
|
0.41
|
0.05
|
8.12
|
0.047
|
|
System Complexity (X₂)
|
0.26
|
0.06
|
6.41
|
0.049
|
|
Workforce Expertise (X₃)
|
0.34
|
0.05
|
7.65
|
0.050
|
Table 4. Model Fit Statistics for the Multiple Regression Model. Summary statistics characterizing the overall goodness-of-fit and explanatory power of the multiple regression model predicting cybersecurity performance from AI Adoption (X₁), System Integration Complexity (X₂), and Workforce Expertise (X₃) across the full analytic sample (n = 325). The multiple correlation coefficient (R) reflects the magnitude of the linear association between the set of predictors jointly and the outcome variable. The coefficient of determination (R²) represents the proportion of total variance in cybersecurity performance scores accounted for by the three-predictor model. Adjusted R² applies a correction for the number of predictors included relative to sample size, providing a more conservative and generalizable estimate of population-level explanatory power; the minimal difference between R² and adjusted R² in this case indicates that model complexity did not artificially inflate the unadjusted estimate. The standard error of the estimate quantifies the average magnitude of residual prediction error in the original scale metric of the outcome variable. The F-statistic tests the null hypothesis that all regression coefficients are simultaneously equal to zero — that is, that the model explains no more variance than would be expected by chance — and its associated p-value reflects the probability of observing an F-statistic of this magnitude under that null hypothesis. Residual diagnostic plots confirmed approximate homoscedasticity and normality of residuals; these are provided in Supplementary Figure S1. Abbreviations: R = multiple correlation coefficient; R² = coefficient of determination; Adj. R² = adjusted coefficient of determination; SE = standard error of the estimate; F = F-statistic; p = significance level of the overall model F-test.
|
Indicator
|
Value
|
|
R
|
0.82
|
|
R²
|
0.67
|
|
Adjusted R²
|
0.66
|
|
Standard Error
|
0.37
|
|
F-statistic
|
138.2
|
|
Significance
|
0.048
|
3.5 Model Fit and Explanatory Power
Summary statistics characterizing overall model performance are reported in (Table 4).
The multiple correlation coefficient (R = 0.82) reflects a strong positive association between the set of predictors and the cybersecurity performance outcome. The coefficient of determination (R² = 0.67) indicates that AI adoption, system complexity, and workforce expertise together account for approximately 67% of the total variance in cybersecurity performance scores across the sample — a level of explanatory power that is, by most standards in organizational and IS research, quite substantial (Demirkan et al., 2020). Adjusted R², which penalizes for the number of predictors included in the model and therefore provides a more conservative estimate of population-level fit, remained essentially unchanged at 0.66, suggesting that model complexity was not artificially inflating the R² estimate.
The standard error of the estimate (0.37) is relatively low given the five-point response scale used to construct the outcome measure, implying that predicted values tracked closely to observed ones across the sample. The F-statistic (F = 138.2, p = 0.048) confirmed that the overall model explained significantly more variance than would be expected by chance alone — that is, the three predictors, taken together, provide meaningful and statistically reliable information about cybersecurity performance (Ukwandu et al., 2020).
3.6 Relative Contribution of Predictors
To complement the regression coefficients — which reflect each predictor's unique contribution holding others constant — a supplementary analysis of relative variable importance was conducted, with results visualized in (Figure 2).
AI adoption (X₁) accounted for approximately 38% of the explained variance in cybersecurity performance, making it by some distance the most influential individual factor in the model. This finding reinforces the conclusion that AI integration is not merely a supporting element in modern cybersecurity architecture — it functions as the primary performance driver, at least within the organizational contexts represented by this sample (Demchak, 2019; Fatima et al., 2020).
Workforce expertise (X₃) contributed approximately 31% of explained variance, a figure large enough to caution against any reading of these results as a simple endorsement of technology-first strategies. The persistent influence of human expertise — even after AI adoption is controlled — is a reminder that automated systems still require skilled operators to reach their protective potential (Marble et al., 2015; Johnson et al., 2021). In environments where AI tools outpace the capacity of staff to interpret and act on their outputs, the technology's benefits will be incompletely realized.
System complexity (X₂) accounted for roughly 21% of explained variance. This is a non-trivial share, and it suggests that infrastructure design decisions — how systems are integrated, how many third-party components are involved, how legacy and modern architectures are reconciled — carry real performance consequences that cannot be engineered away simply by layering AI capabilities on top of poorly structured environments (Djenna et al., 2021).
The remaining 10% of explained variance is attributable to factors outside the model — almost certainly including elements such as organizational culture, regulatory environment, threat exposure level, and budget allocation patterns that were not captured within the scope of this study. Their presence in the residual is not a flaw in the model so much as an honest acknowledgment that cybersecurity performance is a complex, multi-determined outcome, and that any single study will necessarily leave some portion of it unexplained (Meland et al., 2021).