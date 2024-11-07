A slender 54% majority of UK cyber security professionals believe threat actors stand to benefit more from artificial intelligence (AI) than they do, according to a report on sector attitudes compiled by the Chartered Institute of Information Security (CIISec).

All told, 89% of those who took part in the organisation’s latest State of the security profession report said they thought AI would benefit attackers, compared with 84% who thought it would benefit the cyber security industry directly.

The study also exposed a lack of planning for AI among UK businesses, with 44% of cyber professionals saying their organisation was broadly unaware of the risks posed by AI and did not have sufficient policies in place to ensure it was being used safely – although despite this, 85% were at least considering the use of AI themselves.

The CIISec report showed that AI and machine learning will be the most influential technology in the security sector in 2025 by a country mile, with 51% agreeing, compared with zero trust, cited by just 7%, and security hygiene basics, also cited by 7% of respondents.

“Whilst the AI revolution will undoubtedly benefit many business functions, it’s presenting more questions than answers for cyber security professionals. There’s a huge risk of both cyber criminals weaponising the technology and employees with a lack of risk awareness inadvertently leaving their organisation vulnerable when using it,” said Amanda Finch, CEO of CIISec.

“The security industry needs to build knowledge of the threats posed by AI – particularly generative AI – whilst it’s still in its relative infancy. Educating people just entering the industry and those looking to start a career in cyber will be particularly vital, as they’ll be defending against AI attacks for decades to come. This will help to inform security practices and help cyber security professionals to educate the wider business about risk and safety.”

Beyond the cutting edge As always, CIISec’s annual report also explored broader security industry trends, where it found some areas of general improvement, but also much to be concerned about. Whilst the AI revolution will undoubtedly benefit many business functions, it’s presenting more questions than answers for cyber security professionals Amanda Finch, CIISec For example, average sector wages now stand at over £87,000, up £25,000 from its first such report covering the 2016-17 period – an indication that, for security professionals at least, earnings growth has not only kept up with, but outpaced inflation. Security professionals also tended to believe that, as an industry, they were doing better at defending against and dealing with cyber incidents, but many said this is unsustainable – 80% think their budgets are either rising too slowly, flatlining, or outright declining, compared with 11% who think budgets are rising in line with threat levels. Many believed a period of stagnation in security may lie ahead. Coupled with this, almost a quarter of cyber security professionals said they felt overworked, and over half said they had had trouble sleeping due to the pressures of the job. And well they might, because when asked about well-handled and poorly handled incidents, just 57% could name one that had been handled appropriately while 97% could remember a mismanaged breach.