A recent report by security firm ThreatQuotient has found an overwhelming majority of UK senior cybersecurity professionals intend to automate more in the next 12 months.
The report – titled the State of Cyber Security Automation Adoption in 2021 – focused on understanding the importance, challenges and trends facing businesses when it comes to automating their IT security systems.
The report surveyed the markets of central government, defence, critical national infrastructure – energy and utilities, retail and financial services. The research examined what IT security use cases or processes organisations have already automated, and what they are planning to automate, as well as budgets, resources, trust issues and skills as well as assessing the overall outlook for IT security automation.
The study surveyed 250 senior cybersecurity professionals at UK companies that employed over 2,000 people from a wide range of different industries. While the huge majority detailed their desire to automate, 41% of the respondents said they had a lack of trust in automation’s outcomes.
A huge majority of 98% said they planned to automate more of their security estate over the next year, with 5% of these applying automation for the first time.
ThreatQuotient detailed that 77% of survey respondents claimed IT security automation is important to senior security professionals. Overall intentions to automate were high among respondents, with 95% saying they have automated to some extent, with 40% stating they had automated between 51 to 100% of their processes.
On the topic of reasons for automation, 34% of survey respondents said the top reason for IT security automation is the need to improve on maintain security standards, trailed by the need to improve efficiency and productivity at 31%.
While there were many cybersecurity professionals who planned to automate, there were still challenges and worries around automation. A total of 92% of organisations said they had experienced problems/issues when implementing IT security – with only 8% claiming to have not experienced any problems.
Technology was referenced as a key roadblock by 43% of respondents that they claim is stopping organisations from applying IT security automation. A lack of skills followed at 45%, with a lack of trust outcomes and budget issues trailing that at 41% and 30% respectively.
31% of organisations that have automation capabilities built into technologies such as Endpoint Detection & Response, SIEMs and Security Automation and Orchestration said they don’t trust these solutions to automate much beyond basic tasks such as sending notifications or running a threat intelligence query.
For future IT security automation to be successful, 51% of respondents believe that well-defined manual processes are required. An intention to automate threat intelligence was cited as the top use case for applying automation in the future, with 50% stating they are already automating threat intelligence processing.
ThreatQuotient vice president Anthony Perridge said, “To gain a clearer picture of the state of IT security automation and adoption and understand what is either accelerating or holding UK PLC back, we commissioned this survey to understand how far down the road senior cybersecurity professionals are with their IT security automation initiatives.
“There are several barriers preventing organisations from maximising the benefit of automation, such as budget, prioritisation issues, talent gaps, technology, trust concerns and more. At ThreatQuotient, we know that data driven automation can enable security operations teams to reliably trust the data and be confident in their decisions, which for many security professionals will be absolutely ground-breaking as they look to automate more use cases.”
The full report can be viewed here.
Copyright © 2021 FinTech Global