Security pros anticipate automation will reduce IT security headcount, but not replace human expertise
The majority of companies (77 percent) continue to use or plan to use automation in the next three years, according to a Ponemon Institute and DomainTools survey.
The biggest takeaway in this year’s study is that 51 percent of respondents now believe that automation will decrease headcount in the IT security function, an increase from 30 percent in last year’s study. Further, concerns by employees about losing their jobs because of automation have increased to 37 percent from last year’s 28 percent.
Meanwhile, the cybersecurity skills shortage continues to be a problem. Sixty-nine percent of organizations’ IT security functions are understaffed, a slight improvement over last year’s 75 percent.
Mixed opinions about automation
The adoption of automation tools for cybersecurity this past year has had mixed reviews. Overall, 74 percent agree that automation enables IT security staff to focus on more serious vulnerabilities and overall network security. Interestingly, automation highlights a renewed focus on the importance of the human role in security. Of respondents:
- Only 40 percent believe automation reduces human error
- Half believe automation will make jobs more complex
- Fifty-four percent think automation will never replace human intuition and hands-on experience
- Seventy-four percent (a rise from last year’s 68 percent) say that automation is not capable of certain tasks done by IT security staff.
The number one roadblock for companies that considered automation but do not plan to automate is a lack of in-house expertise (53 percent), followed by a heavy reliance on legacy IT environments.
“The perspective around the effects of automated technologies for IT security continues to shift year after year,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.
“As adoption of automation becomes more mainstream and improves the effectiveness and efficiency of IT security staff, they are anticipating that they will be able to accomplish more with fewer bodies.
“What is likely is for there to be a consolidation of existing roles, rather than an elimination. This means better opportunities for employees to up-level their current skills to create more value-added roles as the human side of security remains as important as ever.”
The benefits of automation
The report revealed that regulatory compliance standards such as GDPR and others are a growing global influence on organizations’ use of automation, with 72 percent citing them, up from last year’s 66 percent.
This is reflected in the need for familiarity with security regulations and standards in both entry-level and highly experienced job candidates in the US – topping the list of knowledge requirements for the first time at 81 percent.
Automation is not a quick, fix-all solution, though it is proving to deliver tangible benefits and results. A majority (60 percent) of employees state that automation is reducing stress in their lives and 43 percent say it increases productivity.
Enhancing the capabilities of security staff
Automation delivers productivity benefits such as reducing false positives and/or false negatives (43 percent), increasing the speed of analyzing threats (42 percent), and prioritizing threats and vulnerabilities (39 percent).
The most common activities likely to be replaced by automation in the next three years are log analysis (68 percent), threat hunting (60 percent), and DevOps (37 percent).
“Automation is already improving the productivity of security personnel across industries. We are still in the early stages of adoption and just touching the surface of how automation will enhance the capabilities of security staff and evolve security roles,” said Corin Imai, Senior Security Advisor, DomainTools.
“However, the human factor remains the most important player in information security. Automation will never fully replace human intuition and expertise, and those that become experts in deploying and managing automation solutions will have a new valuable skill set for many years to come.”
Additional trends revealed in the report include:
- Almost half of respondents (48 percent) are sharing threat intelligence to collaborate with industry peers.
- Forty-seven percent of organizations do not invest in training or onboarding of security personnel.
- Fifty-three percent of respondents have seen an increase in attackers’ use of automation.
- Only 41 percent of CEOs and/or boards of directors are briefed on the use of automation.