The state of cybersecurity automation
 

The importance in cybersecurity automation is expanding and could hold the key to cyberteams avoiding burnout, according to the latest research from security operations platform innovator, ThreatQuotient (www.threatq.com).

Based on survey results from 750 senior cybersecurity professionals at companies in the U.K., U.S. and Australia from a range of industries, ThreatQuotient’s 2023 State of Cybersecurity Automation Adoption Research Report reveals that three quarters of respondents (75%) now say cybersecurity automation is important in their businesses compared to 68% in 2022.

Additionally, this year sees a higher percentage of respondents (30%) saying they now use automation for alert triage representing a 12% increase on the 18% reported in 2022.   Automation in vulnerability management has also increased by 5%, although the largest increase in automation for phishing analysis was cited by 31% of respondents.

Despite the increasing use of automation, every survey participant reported problems with cybersecurity automation with the top three challenges they face being lack of trust in outcomes, slow user adoption, and bad decisions such as incorrectly blocking benign domain names or innocent emails.

“Implementing cybersecurity automation is a complex and multifaceted undertaking, as borne out by the last three years of our research,” says Leon Ward, Vice President, Product Management, ThreatQuotient.  “While most surveyed organizations say cybersecurity automation is important to their business, there are signs of dissatisfaction, with all but one respondent saying they have encountered problems.  That said, there are proven use cases for automation, and we believe the main barriers encountered are due to early adoption of solutions that didn’t deliver on their potential and had a lack of integration capabilities.”

In the report, respondents also cited insufficient budgets, growing regulatory and compliance challenges, and high team churn rates as the top three challenges facing cybersecurity teams.  Budget for automation projects is now less likely to be net new allocations – only 18.5% have new budget this year, a drop from 34% last year.  Almost 60% say they are allocating budget from outside the team, while 46% say they have increased it by allocating budget from other tools.

More than 60% of leaders surveyed say employee satisfaction and retention have become the main metrics for assessing cybersecurity automation Return on Investment (ROI) outweighing other measures such as how well the solution is performing in security terms.   With smarter tools to simplify work, greater flexibility over working hours and location, and increasing team headcount were cited by survey respondents as key issues which would improve cybersecurity team wellbeing.

“The shift in how businesses measure ROI is significant, indicating a change in what organizations view as the “point” of investing in cybersecurity automation – the prime motivation is to improve the experience of employees.  By allowing automation to shoulder the burden of lower value, repetitive activities, and release analysts for more interesting and fulfilling work, companies can improve employee satisfaction, wellbeing, and reduce churn,” says Ward.

“With ROI measured on the basis of team satisfaction and retention, vendors need to incorporate the human benefits of their solution into product design and messaging.  There are several developments on the horizon that should respond to this need, including the introduction of AI (artificial intelligence) and greater rollout of low and no-code solutions.”

Increasing efficiency continues to be the main driver for cybersecurity automation for 41% of respondents, closely followed by regulation and compliance (38%) and increasing productivity (36.5%).  Integration with multiple data sources (24%), training availability (23%), and automated reporting (21%) top the wish list for organizations when choosing cybersecurity automation solutions.  

ThreatQuotient’s full State of Cybersecurity Automation Adoption in 2023 report can be found at www.threatq.com/cybersecurity-automation-adoption-report.