Blurry blue and orange lights over a digital binary code background, symbolizing data, technology, or cybersecurity concepts.
Ponemon Survey
Survey Reports

2020 Ponemon Survey Report: Staffing the IT Security Function in the Age of Automation

Ponemon Institute conducted the third annual study “Staffing the IT Security Function in the Age of Automation: A Study of Organizations in the United States and United Kingdom” to better understand how organizations are addressing the problem of attracting and retaining IT security practitioners and how the adoption of automation and artificial intelligence (AI) will impact IT security. More than 1,000 IT and IT security practitioners who participate in attracting, hiring, promoting and retaining IT security personnel within their companies were surveyed. Ponemon Institute conducted a similar study in 2013, 2018, and 2019. Whenever possible, this report will show research findings from the previous study.

While the lack of in-house IT security expertise continues to be a problem, the key takeaway in this year’s study is that the majority of respondents (51 percent) now believe that automation will decrease headcount in the IT security function, an increase from 30 percent in last year’s study. Further, more respondents believe they will lose their jobs in an average of four years, an increase from 28 percent of respondents to 37 percent of respondents since last year. Possible reasons for these perceptions are that automation, according to the findings, can improve the effectiveness and efficiency of the IT security staff so in the future fewer will need to be hired.

Below are a few key takeaways from this research:

  • Automation will improve productivity but the human factor is still important. Seventy-four percent of respondents say automation is not capable of performing certain tasks that the IT security staff can do and 54 percent of respondents say automation will never replace human intuition and hands-on experience.
  • Barriers to investing in automation continue to be the lack of in-house expertise (53 percent of respondents) and a heavy reliance on legacy IT environments.
  • Automation increases the productivity of current security personnel (43 percent of respondents) and reduces the false positive and/or false negative rates (43 percent of respondents). Sixty percent of respondents say automation is helping to reduce the stress of their organization’s IT security personnel.