ThreatQuotient released the Evolution of
Cybersecurity Automation Adoption 2024. Based on survey results from 750 senior
cybersecurity professionals at companies in the U.K., U.S. and Australia from a
range of industries, this in-depth research report examines the progress senior
cybersecurity professionals are making towards adopting automation, its key use
cases and the challenges they face. The fourth edition of this annual survey
highlights how automation is maturing and how, in a world of continuous change,
organizations are adopting cybersecurity automation for resilience, scale and
collaboration. The report examines approaches to integration, whether
respondents are taking a single-vendor platform approach or best-of-breed, the
adoption of AI and the importance of cyber threat intelligence sharing.
Eight-in-ten
respondents (80%) now say cybersecurity automation is important, up from 75%
last year and 68% the previous year. Additionally, budget for cybersecurity
automation has increased every year, and this year's survey is no different
with 99% of respondents increasing spend on automation. Interestingly, 39% of
respondents now have net new budget specifically for automation, a significant
rise on the 18.5% who said this last year. Previously, decision-makers were
diverting budget from other cybersecurity tools or reallocating unused
headcount funds. In 2024 respondents have a better understanding of key uses
cases and the benefits automation delivers is helping them make a stronger
business case for dedicated budget, which is another indication that
cybersecurity automation is maturing.
Key research
findings also include:/
- Key
use cases: Incident response was the top
use case for automation (32%), rising consistently through the course of
the study. This was followed by phishing analysis (30%) and threat hunting
(30%) which has also continued to rise.
- Challenges
are evolving: Nearly every survey
participant reported problems with cybersecurity automation: the top three
challenges were technological issues, lack of budget and lack of
time. As automation deployments mature, trust in the outcomes of
automated processes has increased. Just 20% of respondents reported a lack
of trust in outcomes, compared to 31% last year. In 2023 there was also
significant concern around bad decisions, slow user adoption and lack of
skills, but these concerns have abated in 2024.
- Top
measurement metrics: Employee
satisfaction and retention remains the main metric for assessing
cybersecurity automation ROI for 43% of leaders, but this has dropped from
61.5% citing it as the key metric in 2023. Resource management, in terms
of staff efficiency, effectiveness and budget (42%), and how well the job
is being done in terms of MTTR and MTTD (38%) have both become more
prevalent as measurement tools as organizations home in on metrics more
closely linked to productivity and efficiency.
- Growth
in threat intelligence sharing:
Ninety-nine percent of cybersecurity professionals say they share cyber
threat intelligence through at least one channel; 54% share cyber threat
intelligence with their direct partners and suppliers and 48% share with
others in their industry through official threat sharing communities.
- Integration
is key: Two thirds (67%) of
respondents integrate best of breed solutions into their architecture to
effectively deliver their cybersecurity strategy. Regardless of whether
they focus solely on best of breed tools or they start with a single
vendor platform and then supplement with best of breed tools, integrating
tools is an important activity.
- AI
gathers momentum: Fifty eight
percent of respondents say they are using AI in cybersecurity. Half are
using it everywhere, and half in specific use cases. A further 20%
are planning deployments in the year ahead.
- Expected
attack vectors in the year ahead:
Cyber-physical attacks are considered most likely in the year ahead,
followed by phishing and ransomware. Although not a top three attack
vector, 20% of respondents expect to see attacks via the supply chain and
one in five see state-sponsored attacks affecting their business.
"It is tough
for cybersecurity professionals who now face fast-changing cyber and
cyber-physical threats of unprecedented sophistication, volume, velocity and
variety," said Leon Ward, Vice President, Product Management, ThreatQuotient.
"Defending their business is an enormous task, and cybersecurity professionals
must become more resilient.
"What we are
seeing in this ‘new normal' landscape is the need for more automation, scale
and better threat intelligence sharing. A collaborative approach to
cybersecurity helps organizations better defend as industries scale their
knowledge to respond to attacks."
As
organizations double down on cybersecurity automation use cases that deliver
value and embrace more intelligence sharing, this will result in more effective
and proactive cyber defense. This year the survey highlights the focus has
shifted toward ROI metrics that are more closely linked to productivity and
efficiency and - while employee retention and satisfaction remains important -
it is no longer heavily outweighing performance and efficiency KPIs.
Ward
concludes, "We believe that scaling security operations and collaboration
across teams, ecosystems and industries is the most urgent challenge facing
cybersecurity professionals. Successfully uniting human expertise, automation
and AI and enabling seamless integration across tools and intelligence feeds
will drive cyber resilience and agility at organizational, industry, and
international levels."
To download
the full Evolution of Cybersecurity Automation Adoption in 2024 report,
including more detail on the survey questions, regional and industry snapshots,
and recommendations for senior security professionals to follow if they are
looking to automate their security processes, click here. To access the report, click here.