What you need to know about cybersecurity automation

•  Cybersecurity automation is significantly more important this year than in 2022. 
• Disenchantment with automation was clear from the new ThreatQuotient survey. 
• 60% of leaders use employee satisfaction and retention as the main metric for assessing cybersecurity automation ROI.

On November 14^th, ThreatQuotient released its cybersecurity automation report, The State of Cybersecurity Automation Adoption 2023. It’s the third annual survey asking for views on the progress made in the adoption of cybersecurity automation, its key use cases, and the challenges faced.

This year, as well as identifying trends over time, the study explored wider issues, including the critical features cybersecurity professionals want to see in automation solutions, the topic of wellbeing among cybersecurity teams, and how it can be improved.

The report is based on survey responses from 750 senior cybersecurity professionals at companies in the UK, US, and Australia from a range of industries. The global research report examines what drivers and what challenges there are to the implementation of cybersecurity automation.

The results show that automation is significantly more important this year, compared to 2022.

Three quarters of respondents (75%) now say cybersecurity automation is important, up from 68% last year. Also, compared to last year, a higher percentage of respondents are automating key areas of their cybersecurity program.

There’s been a notable use case increase in alert triage, with 30% now using automation compared to 18% in 2022. A rise of 5% in the use of automation for vulnerability management was also recorded, and phishing analysis is the most common use case for automation in 2023, adopted by 31% of respondents.

Barriers to cybersecurity automation

Every participant in the survey reported problems with automation: the top three challenges are lack of trust in outcomes, slow user adoption, and bad decisions such as incorrectly blocking benign domain names or innocent emails.

Cybersecurity teams also face insufficient budget (24%), growing regulatory challenges as regulators introduce mandatory cybersecurity resilience and recovery requirements into draft legislation, and high team churn. These factors show how the macroeconomic picture is impacting the issues that cybersecurity leaders face.

The budget allocated to automation this year was less likely to be net new allocation – a drop from 34% last year to just 18.5% this year. 57% are allocating budget from outside the team, while 46% have increased it by diverting budget from other tools.

Maintaining cybersecurity standards came in at fifth this year in terms of the main driver for cybersecurity automation, compared to joint first last year. Increasing efficiency is now a main driver for 41% of respondents, followed by regulation and compliance (38%) and increasing productivity (36.5%).

Integration with multiple data sources (24%), training availability (23%), and automated reporting (21%) top the wish list for organizations when choosing cybersecurity automation solutions.

“Implementing cybersecurity automation is a complex and multifaceted undertaking, as borne out by the last three years of our research,” said Leon Ward, vice president, product management, ThreatQuotient.

“While most surveyed organisations say cybersecurity automation is important to their business, there are signs of dissatisfaction, with all but one respondent saying they have encountered problems.”

In fact, the problems highlighted in previous years remain – and have even grown. A degree of disenchantment around automation was evident in this year’s study, a sense that it hasn’t delivered on its promise.

However, global disruption enables cybercriminals and nation-state actors to capitalize on the chaos, as attacks use AI and automation to be more sophisticated and deceptive.

Employee satisfaction is the greatest ROI

60% of leaders use employee satisfaction and retention as the main metric for assessing cybersecurity automation ROI, outweighing other measures like how well the solution is performing in security terms.

Ward says, “There are several developments on the horizon that should respond to this need, including the introduction of AI  and greater rollout of low and no-code solutions.”

Leaders think that cybersecurity team wellbeing would be improved by smarter tools that simplify work, greater flexibility over working hours and location, and increasing team headcount.

This signal shift in what organizations see as the “point” of cybersecurity automation means vendors need to incorporate the human benefits of their solution into product design and messaging.

Non-traditional, human-focused measures equally as important, if not more important than security, accuracy, efficiency, and productivity gains.

To see ThreatQuotient’s full report and its recommendations, click here.