ThreatQuotient has released its Evolution of Cybersecurity Automation Adoption 2024. It found that automation is now a key part of cybersecurity. To help increase the use of automation, organisations have seen an increase in budgets with funds specifically allocated for automation.
The increased use of automation does not appear to be leading to a drop in jobs, as organisations redirect talent to work in other areas of cybersecurity. There is also an increasing use of AI across cybersecurity as organisations look for faster detection, response, and remediation times.
Leon Ward, Vice President, Product Management, ThreatQuotient, said, “It is tough for cybersecurity professionals who now face fast-changing cyber and cyber-physical threats of unprecedented sophistication, volume, velocity and variety. Defending their business is an enormous task, and cybersecurity professionals must become more resilient.
“What we are seeing in this ‘new normal’ landscape is the need for more automation, scale and better threat intelligence sharing. A collaborative approach to cybersecurity helps organisations better defend as industries scale their knowledge to respond to attacks.”
The rise of automation
Over the last three years, cybersecurity teams have embraced automation. Its importance, as measured by responses to this survey, has risen from 68% in 2022 to 80% in 2024. At the same time, those saying it is unimportant is now down to just 8%. Driving that change has been the accessibility of the tools and the need to manage workloads better.
Another driver for automation is that a significant amount of low-level cybersecurity work is about analytics and data management. These tasks are well suited to automation, and they free employees to focus on anomalies and areas of concern.
Automation also has a major role in incident response, with 32% saying this was not the top use case. The ability to analyse phishing (30%) and threat hunting (30%) were close behind. This is all due to the ability of automation to handle data at high speed and carry out complex analyses that would be difficult for a human operator.
To that end, budgets for automation are also increasing, and it is now seen as a separate budget line in many organisations. Over 995 of respondents said they had more budget for automation. Unlike previous years, that increase is not about reallocating money from other areas. 39% have net new budget specifically for automation. That is double the ring-fenced budget from last year and shows that use cases and benefits are now being recognised.
All of this is driving greater trust in automation. Those who don’t trust it make up just 20% of respondents, down 11% from 2023.
There are still issues with automation
There are, however, still issues with automation. That increase in budget, while welcome, shows that not every organisation is prepared to invest. Most prefer to reallocate money, presumably because they see it doing tasks that were done by people or other technologies. As such, they see automation as an efficiency gain, not just a productivity gain.
Technology issues were also an issue for most respondents. However, it was unclear from the report as to exactly what the technology issues were. The report states that skills are no longer the issue they were. That shows that training has been beneficial when it comes to the adoption of automation.
ThreatQuotient also highlighted that integration is key. Two-thirds of respondents integrate best-of-breed into their architecture as part of their cybersecurity toolkit. Integration is always a complex process, and it is likely that organisations face some constraints.
AI also continues to grow
Unsurprisingly, respondents say that their use of automation is also continuing to grow. 58% are now using it, with its use split equally between specific use cases and across all operations. A further 20% are planning AI deployments. Importantly, just 6% have no plans to use AI at all.
ThreatQuotient says that the decisions on how AI is adopted seem to depend on how the organisation chooses to approach AI. It claims there is “a strong correlation between respondents using a single vendor platform as the foundation to their security architecture and AI deployment.
“Sixty-two percent of organizations that use a standalone single vendor platform say they are using AI across all operations, indicating that their platform provider has introduced AI.”
The choice of solutions and integration also affects how AI is used. For example, best-of-breed applications that don’t integrate well result in just 22% of customers using AI. Usage almost doubles where integration is good. However, in both cases, this concerns the vendors’ adoption and use of AI. It is something that vendors need to address.
Enterprise Times: What does this mean?
While automation and AI continue to rise inside cybersecurity, there is clearly much to be done, according to this report. Budget issues, technology issues, and even vendor issues are all having an impact on adoption and deployment.
However, what cannot be argued is that both technologies are having a serious impact on cybersecurity. That is a good thing because they are removing much of the mundane, boring work from hard-pressed teams. It allows those teams to focus on delivering a better service to the business. More importantly, the claims that the introduction of both technologies would result in job losses continue to be far from the truth.
