The 2020 Study on Staffing the IT Security Function in the Age of Automation: A Study of Organizations in the United States and United Kingdom reveals a sharp increase in perceptions about the impact of automation on the hiring of IT security staff. Specifically, the majority of respondents (51 percent) now believe that automation will decrease headcount in the IT security function in the future, an increase from 30 percent of respondents in last year’s study. Further, more respondents believe they will lose their jobs in an average of four years, an increase from 28 percent of respondents to 37 percent of respondents.
Ponemon Institute, with sponsorship from DomainTools, surveyed 1,027 IT and IT security practitioners in the US and UK who participate in recruiting, hiring, promoting IT security personnel within their organizations. Most of the respondents are IT directors, managers, or IT system analysts.
The following findings reveal how automation is making the IT security function more productive.
- Enables the IT security staff to focus on more serious vulnerabilities and overall network security.
- Prevents downtime or business disruptions from security incidents.
- Increases the productivity of current security personnel and enables them to focus on more serious vulnerabilities.
- Reduces the stress of the organization’s IT security personnel.
While more than one-third of respondents believe they may lose their job in the next few years because of the growing use of automation, the research indicates that the human factor remains critical to the success of automation.
- Automation is not capable of performing certain tasks that the IT security team can do (74 percent of respondents, an increase from 68 percent in 2019).
- Automation will never replace human intuition and hands-on experience (54 percent of respondents, an increase from 49 percent).
- Human intervention is necessary for network protection (47 percent of respondents, an increase from 44 percent).
- An experienced IT security team is essential to manage automation. Fifty-three percent of respondents in organizations that do not plan to use adoption (24 percent of respondents) say not having such expertise is a barrier to the adoption of automation.
The research also reveals interesting differences between US and UK organizations represented in the study. These include the following:
- Respondents in the UK are more likely to believe that automation improves their IT security staff’s ability to do their jobs.
- More US organizations than UK organizations are using threat intelligence in their cybersecurity programs (51 percent vs. 43 percent of respondents).
- More UK organizations than US organizations are briefing the CEO and/or board of directors on their use of automation (43 percent vs. 38 percent of respondents).
We hope you will read our report and look forward to your comments and feedback.