ThreatQuotient™, a leading threat intelligence platform innovator, last week released the Evolution of Cybersecurity Automation Adoption 2024. Based on survey results from 750 senior cybersecurity professionals at companies in the U.K., U.S. and Australia from a range of industries, this in-depth research report examines the progress senior cybersecurity professionals are making towards adopting automation, its key use cases and the challenges they face. The fourth edition of this annual survey highlights how automation is maturing and how, in a world of continuous change, organisations are adopting cybersecurity automation for resilience, scale and collaboration. The report examines approaches to integration, whether respondents are taking a single-vendor platform approach or best-of-breed, the adoption of AI and the importance of cyber threat intelligence sharing.
Eight-in-ten respondents (80%) now say cybersecurity automation is important, up from 75% last year and 68% the previous year. Additionally, budget for cybersecurity automation has increased every year, and this year’s survey is no different with 99% of respondents increasing spend on automation. Interestingly, 39% of respondents now have net new budget specifically for automation, a significant rise on the 18.5% who said this last year. Previously, decision-makers were diverting budget from other cybersecurity tools or reallocating unused headcount funds. In 2024 respondents have a better understanding of key uses cases and the benefits automation delivers is helping them make a stronger business case for dedicated budget, which is another indication that cybersecurity automation is maturing.
Key research findings also include:
- Key use cases: Incident response was the top use case for automation (32%), rising consistently through the course of the study. This was followed by phishing analysis (30%) and threat hunting (30%) which has also continued to rise.
- Challenges are evolving: Nearly every survey participant reported problems with cybersecurity automation: the top three challenges were technological issues, lack of budget and lack of time. As automation deployments mature, trust in the outcomes of automated processes has increased. Just 20% of respondents reported a lack of trust in outcomes, compared to 31% last year. In 2023 there was also significant concern around bad decisions, slow user adoption and lack of skills, but these concerns have abated in 2024.
- Top measurement metrics: Employee satisfaction and retention remains the main metric for assessing cybersecurity automation ROI for 43% of leaders, but this has dropped from 61.5% citing it as the key metric in 2023. Resource management, in terms of staff efficiency, effectiveness and budget (42%), and how well the job is being done in terms of MTTR and MTTD (38%) have both become more prevalent as measurement tools as organisations home in on metrics more closely linked to productivity and efficiency.
- Growth in threat intelligence sharing: Ninety-nine percent of cybersecurity professionals say they share cyber threat intelligence through at least one channel; 54% share cyber threat intelligence with their direct partners and suppliers and 48% share with others in their industry through official threat sharing communities.
- Integration is key: Two thirds (67%) of respondents integrate best of breed solutions into their architecture to effectively deliver their cybersecurity strategy. Regardless of whether they focus solely on best of breed tools or they start with a single vendor platform and then supplement with best of breed tools, integrating tools is an important activity.
- AI gathers momentum: Fifty eight percent of respondents say they are using AI in cybersecurity. Half are using it everywhere, and half in specific use cases. A further 20% are planning deployments in the year ahead.
- Expected attack vectors in the year ahead: Cyber-physical attacks are considered most likely in the year ahead, followed by phishing and ransomware. Although not a top three attack vector, 20% of respondents expect to see attacks via the supply chain and one in five see state-sponsored attacks affecting their business.
“It is tough for cybersecurity professionals who now face fast-changing cyber and cyber-physical threats of unprecedented sophistication, volume, velocity and variety,” said Leon Ward, Vice President, Product Management, ThreatQuotient. “Defending their business is an enormous task, and cybersecurity professionals must become more resilient.
“What we are seeing in this ‘new normal’ landscape is the need for more automation, scale and better threat intelligence sharing. A collaborative approach to cybersecurity helps organisations better defend as industries scale their knowledge to respond to attacks.”
As organisations double down on cybersecurity automation use cases that deliver value and embrace more intelligence sharing, this will result in more effective and proactive cyber defence. This year the survey highlights the focus has shifted toward ROI metrics that are more closely linked to productivity and efficiency and – while employee retention and satisfaction remains important – it is no longer heavily outweighing performance and efficiency KPIs.
Ward concludes, “We believe that scaling security operations and collaboration across teams, ecosystems and industries is the most urgent challenge facing cybersecurity professionals. Successfully uniting human expertise, automation and AI and enabling seamless integration across tools and intelligence feeds will drive cyber resilience and agility at organisational, industry, and international levels.”
To download the full Evolution of Cybersecurity Automation Adoption in 2024 report, including more detail on the survey questions, regional and industry snapshots, and recommendations for senior security professionals to follow if they are looking to automate their security processes, click here.To access the report, click here.