SEATTLE – February 11, 2020 – Today the Ponemon Institute, in partnership with DomainTools, announced the results of its third annual “Staffing the IT Security Function in the Age of Automation” report. The survey of more than 1,000 IT and IT security practitioners analyzed the impact of automation on current IT security practices and staffing in the U.S. and UK.
Overall, the majority of companies (77 percent) continue to use or plan to use automation in the next three years. The biggest takeaway in this year’s study is that the majority of respondents (51 percent) now believe that automation will decrease headcount in the IT security function, an increase from 30 percent in last year’s study. Further, concerns by employees losing their jobs because of automation have increased to 37 percent over last year’s 28 percent. Meanwhile, cybersecurity skills shortage continues to be a problem. Sixty-nine percent of organizations’ IT security functions are understaffed; a slight improvement over last year’s 75 percent.
The adoption of automation tools for cybersecurity this past year has had mixed reviews. Overall, 74 percent agree that automation enables IT security staff to focus on more serious vulnerabilities and overall network security. Interestingly, automation highlights a renewed focus on the importance of the human role in security. Of respondents:
- Only 40 percent believe automation reduces human error;
- Half believe automation will make jobs more complex;
- Fifty-four percent think automation will never replace human intuition and hands-on experience;
- Seventy-four percent (a rise from last year’s 68 percent) say that automation is not capable of certain tasks done by IT security staff.
The number one roadblock of companies that considered automation and do not plan to automate is a lack of in-house expertise (53 percent), followed by a heavy reliance on legacy IT environments.
“The perspective around the effects of automated technologies for IT security continues to shift year after year,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “As adoption of automation becomes more mainstream and improves the effectiveness and efficiency of IT security staff, they are anticipating that they will be able to accomplish more with fewer bodies. What is likely is for there to be a consolidation of existing roles, rather than an elimination. This means better opportunities for employees to up-level their current skills to create more value-added roles as the human side of security remains as important as ever.”
The report revealed that regulatory compliance standards such as GDPR and others are a growing global influence in an organization’s use of automation, with 72 percent citing that over last year’s 66 percent. This is reflected in the need for familiarity with security regulations and standards in both entry-level and highly experienced job candidates in the US – topping the list of knowledge requirements for the first time at 81 percent.
Automation is not a quick, fix-all solution, though it is proving to deliver tangible benefits and results. A majority (60 percent) of employees state that automation is reducing stress in their lives and 43 percent say it increases productivity. Automation delivers productivity benefits such as reducing false positives and/or false negatives (43 percent), increasing the speed of analyzing threats (42 percent), and prioritizing threats and vulnerabilities (39 percent). The most common activities likely to be replaced by automation in the next three years are log analysis (68 percent), threat hunting (60 percent), and DevOps (37 percent).
“Automation is already improving the productivity of security personnel across industries. We are still in the early stages of adoption and just touching the surface of how automation will enhance the capabilities of security staff and evolve security roles,” said Corin Imai, Senior Security Advisor, DomainTools. “However, the human factor remains the most important player in information security. Automation will never fully replace human intuition and expertise, and those that become experts in deploying and managing automation solutions will have a new valuable skill set for many years to come.”
Additional trends revealed in this year’s report include:
- Almost half of respondents (48 percent) are sharing threat intelligence to collaborate with industry peers.
- Forty-seven percent of organizations do not invest in training or onboarding of security personnel.
- Fifty-three percent of respondents have seen an increase in attackers’ use of automation.
- Only 41 percent of CEOs and/or board of directors are briefed on the use of automation.
For more information on the report, download the full set of findings.
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at https://www.domaintools.com or follow us on Twitter: @domaintools
About Ponemon Institute
Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.