IT For CEOs & CFOs
News & Views
ThreatQuotient publishes Cyber Report
Barriers to cybersecurity automation adoption are continuing according to the latest State of Cybersecurity Automation Adoption in 2022 report from ThreatQuotient (www.threatq.com).
Based on survey results from 750 senior cybersecurity professionals at companies in the UK, US and Australia from a range of industries, ThreatQuotient’s global research report examines the drivers and challenges for implementing cybersecurity automation, highlighting which automation use cases are working, which need more focus, and how senior cybersecurity professionals are approaching the challenge of securing the extended enterprise.
“Cybersecurity automation acts as a foundation to support the protection of the fast-evolving security frontiers of tomorrow. But while our research shows that organizations have certainly made progress over the last year when using automation to manage routine work and improve overall cybersecurity maturity, barriers remain,” says Leon Ward, Vice President, Product Management, ThreatQuotient.
“Technology is cited as the top blocker that is preventing organizations from applying cybersecurity automation (21%), as well as a skills shortage (17%), and lack of management buy-in (17%) – all acting as a brake on adoption. There is a considerable disconnect and a lack of consensus over the drivers, barriers, and challenges of automation among the various roles that influence cybersecurity strategy and tactical approach.”
In the report, 98% of respondents indicate that although their automation budgets are increasing, they are eating into other departmental or technology budgets. Over 25% of organizations reveal that they are already automating threat intelligence management and incident response, with 26% citing the automated use of phishing analysis, while a further 25% say they automate their vulnerability management.
Surprisingly, only 18% of respondents are automating alert triage, despite this being a potential route to reducing the burden of manual review and prioritization. With Heads of IT Security Solutions/Architecture having the most issues with getting management buy-in (37%) compared with the other job roles (19%), most organizations (63%) say they have explored at least some use cases for cybersecurity automation, there still remains room for improvement.
In the 2021 survey, 37% reported already automating key processes, with 45% planning to do so in the coming year. Now that the additional 45% have started to implement automation, the 2022 report notes a change in the type of concerns reported. Last year, concerns were more conceptual, focusing on issues like trust in outcomes. Based on the 2022 responses, teams are now more focused on practical issues, such as how best to apply automation to heterogeneous environments and legacy tools. It is here where solutions that simplify set-up of key use cases and use no-code to make automation accessible to a wider group of personnel can help overcome barriers and accelerate effective automation.
ThreatQuotient’s latest report can be found at www.threatq.com/cybersecurity-automation-adoption-report