Additionally, a higher percentage of respondents are automating key areas of their cybersecurity program. In alert triage, there are 30% now using automation compared to 18% in 2022. There has also been a 5% rise in the use of automation for vulnerability management. Overall, phishing analysis is the most common use case for automation in 2023, adopted by 31% of respondents.
Increasing efficiency is a main driver for cybersecurity automation for 41% of respondents, closely followed by regulation and compliance (38%) and increasing productivity (36.5%). Integration with multiple data sources (24%), training availability (23%) and automated reporting (21%) top the wish list for organizations when choosing cybersecurity automation solutions.
Key research findings also include:
- Every survey participant reported problems with cybersecurity automation: the top three challenges are lack of trust in outcomes, slow user adoption, and bad decisions such as incorrectly blocking benign domain names or innocent emails.
- Insufficient budget, growing regulatory and compliance challenges, and high team churn rates are cybersecurity teams’ top three challenges.
- Employee satisfaction and retention have become the main metric for assessing cybersecurity automation ROI for more than 60% of leaders, outweighing other measures such as how well the solution is performing in security terms.
- Leaders believe cybersecurity team well-being would be improved by smarter tools that simplify work, greater flexibility over working hours and location, and increasing team headcount.
- The budget for automation projects is now less likely to be net new allocations – only 18.5% have the new budget this year, a drop from 34% last year. 57% are allocating budget from outside the team, while 46% have increased it by allocating budget from other tools.
- Increasing efficiency is a main driver for cybersecurity automation for 41% of respondents, closely followed by regulation and compliance (38%) and increasing productivity (36.5%). Interestingly, maintaining cybersecurity standards dropped from joint first last year to fifth place this year.
- Integration with multiple data sources (24%), training availability (23%), and automated reporting (21%) top the wish list for organizations when choosing cybersecurity automation solutions.
“Implementing cybersecurity automation is a complex and multifaceted undertaking, as borne out by the last three years of our research,” said Leon Ward, Vice President, Product Management, ThreatQuotient. “While most surveyed organizations say cybersecurity automation is important to their business, there are signs of dissatisfaction, with all but one respondent saying they have encountered problems. That said, there are proven use cases for automation, and we believe the main barriers encountered are due to early adoption of solutions that didn’t deliver on their potential and had a lack of integration capabilities.”
On the topic of measuring the ROI of cybersecurity automation, Ward notes: “The shift in how businesses measure ROI is significant, indicating a change in what organizations view as the “point” of investing in cybersecurity automation – the prime motivation is to improve the experience of employees. By allowing automation to shoulder the burden of lower value, repetitive activities, and release analysts for more interesting and fulfilling work, companies can improve employee satisfaction, wellbeing, and reduce churn.”
Read the full report here..
