Automation will bring job security, say most IT security pros

Automation will not reduce the headcount in the IT security function, but instead means increased job security for IT security practitioners, according to a poll of security professionals.

The survey of 1,400 security professionals in the UK, the US and Asia-Pacific (APAC) by the Ponemon Institute and cyber threat intelligence firm DomainTools revealed that although 35% think automation will reduce security headcount, 25% believe it will have no effect on hiring, and 40% think it will even increase hiring, especially of IT security professionals who have expertise in managing automation technologies.

However, 65% said human involvement in security is still important in the age of automation. Almost 50% said automation improves the ability to prioritise threats and vulnerabilities and 47% said it increases the productivity of current security personnel, but 65% said automation is not capable of performing certain tasks and 51% said it will never replace “human intuition” and hand-on experience.

Most respondents (61%) do not think they will lose their jobs because of automation and 68% believe automation will enable IT security staff to focus on more serious vulnerabilities and overall network security.

US respondents were the most positive about automation helping security professionals to do their job, with 65% saying it would, compared with 59% of UK respondents and 48% of APAC respondents.

Most security professionals believe artificial intelligence (AI) is supportive of organisations’ efforts to monitor threats, with 63% of respondents saying their organisation does not have enough staff to monitor threats 24/7.

The report, Staffing the IT security function in the age of automation, indicates a shortage of IT security staff across geographical regions, with 78% of all respondents saying their teams are understaffed.

According to respondents, automation will provide a partial solution to the problem, relieving IT security professionals of time-consuming and non-cost-effective tasks, such as malware analysis, which is either already automated (50%), or is planned to become so in the next three years (56%).

“Within just one year, the perspective around adoption of automated technologies has notably shifted among security professionals,” said Larry Ponemon, chairman and founder of the Ponemon Institute.

“Contrary to the popular belief that the rise of automation will threaten the job market, organisations now feel these technologies will help ease the current strain on resources, and offer the potential to promote job security for highly skilled staff, while strengthening cyber security defences.”

UK and US respondents were much more confident that automation will improve their IT security staff’s ability to do their job (59% and 65%, respectively) than APAC respondents (48%), who were also more likely to distrust AI as a security tool (37%), compared with 31% in the UK and 24% in the US.

Skills shortages also seemed to be lower in the APAC region (67%) than in the UK (70%) and the US (78%), which perhaps partially explains the different level of reliance and trust on automation and AI across regions, the report said.

Of those respondents who said AI is trusted as a security tool in their organisations, 53% listed staff shortages as the main reason why their enterprise has adopted AI-supported security technologies.

“The results of the survey reveal that, overall, security professionals are confident that automation will make their workload more manageable and will increase the accuracy of certain tasks, without jeopardising their job security,” said Corin Imai, senior security adviser at DomainTools.

“Although there are geographical differences in the level of confidence placed in AI and automation as security tools, the reasons that motivate their adoption – relieving overworked teams, preventing downtime and business disruptions, reducing threats created by operating in the global digital economy, and so on – seem to be consistent across regions, suggesting that goals and expectations are aligned for organisations across the globe.”