ThreatQuotient, a security operations platform innovator, has released the State of Cybersecurity Automation Adoption in 2022. Based on survey results from 750 senior cybersecurity professionals at companies in the UK, US and Australia from a range of industries, this global research report examines the drivers and challenges for implementing cybersecurity automation in today’s distributed enterprises.
The report indicates that organisations have become more confident in automation itself compared to last year’s report, with over 84% of companies now having some level of trust in automation outcomes, up from the 59% who had confidence in outcomes last year.
The 2022 State of Cybersecurity Automation Adoption finds that organisations are working to automate various elements of their security strategy and are progressing through different levels of maturity.
However, barriers remain. Technology was cited as the top blocker that is preventing organisations from applying cybersecurity automation (21%), in addition to a lack of skills (17%), and lack of management buy-in (17%) acting as a brake on adoption. Additionally, the report identifies a considerable disconnect and a lack of consensus over the drivers, barriers, and challenges of automation among the various roles that influence cybersecurity strategy and tactical approach.
Key findings of the report include:
- 98% of respondents indicate their automation budget is increasing, although many are eating into other departmental or technology budgets to achieve this. A notable proportion (30%) are re-allocating unused headcount budget.
- Organisations are most likely to already be automating threat intelligence management and incident response (26.5%), with phishing analysis (26%) and vulnerability management (25%) not far behind.
- Surprisingly, only 18% of respondents are automating alert triage, despite this being a potential route to reducing the burden of manual review and prioritisation.
- Heads of IT Security Solutions/Architecture are having the most issues with management buy-in (37%) compared with the other job roles (19%).
- When asked to rate their automation maturity from level 1, limited capability and no resources, to level 5, fully resourced and responsive set-up that integrates with other cybersecurity disciplines and adds business value, the majority of organisations (63%) rate themselves at level 2 or 3, showing that they have explored at least some use cases for cybersecurity automation, but that room for improvement remains.
In the 2021 survey, 37% reported already automating key processes, with 45% planning to do so in the coming year. Now that the additional 45% have started to implement automation, the 2022 report notes a change in the type of concerns reported. Last year, concerns were more conceptual, focusing on issues like trust in outcomes. Based on the 2022 responses, teams are now more focused on practical issues, such as how best to apply automation to heterogeneous environments and legacy tools. It is here where solutions that simplify set-up of key use cases and use no-code to make automation accessible to a wider group of personnel can help overcome barriers and accelerate effective automation.
“ThreatQuotient commissioned this survey to gain a clearer picture of the state of IT security automation and adoption and understand what is either accelerating or slowing automation in the UK, US and Australia. We are encouraged and intrigued by the 2022 results compared to the 2021 study,” said Leon Ward, Vice President, Product Management, ThreatQuotient. “Cybersecurity automation acts as a foundation to support the protection of the fast-evolving security frontiers of tomorrow. While the research shows that organisations have certainly made progress over the last year when using automation to manage routine work and improve overall cybersecurity maturity, many teams still report challenges with automation. ThreatQuotient’s goal is to further the industry’s understanding of where cybersecurity automation brings the most benefit.”