The progressive automation of security in Australia, the UK, and the US.
Security automation: adoption rates.
ThreatQuotient has published a report looking at the adoption of cybersecurity automation within enterprises in the UK, the US, and Australia.
Security automation is increasing in some areas.
The survey found that nearly all of the respondents said their organizations were increasing automation, but 63% rated their current level of automation as mid-tier:
- “98% of respondents indicate their automation budget is increasing, although many are eating into other departmental or technology budgets to achieve this. A notable proportion (30%) are re-allocating unused headcount budget.
- “Organizations are most likely to already be automating threat intelligence management and incident response (26.5%), with phishing analysis (26%) and vulnerability management (25%) not far behind.
- “Surprisingly, only 18% of respondents are automating alert triage, despite this being a potential route to reducing the burden of manual review and prioritization.
- “Heads of IT Security Solutions/Architecture are having the most issues with management buy-in (37%) compared with the other job roles (19%).
- “When asked to rate their automation maturity from level 1, limited capability and no resources, to level 5, fully resourced and responsive set-up that integrates with other cybersecurity disciplines and adds business value, the majority of organizations (63%) rate themselves at level 2 or 3, showing that they have explored at least some use cases for cybersecurity automation, but that room for improvement remains.”
Challenges with implementing automation.
Nearly all respondents also noted that they’ve experienced challenges while automating their processes. ThreatQuotient states, “Implementing automation is not plain sailing, with 97% reporting difficulties in rolling out automation initiatives. The most commonly cited challenge is technology issues, which often arise when automation is overlaid on a heterogeneous environment comprising multiple legacy toolsets. Skill shortages and lack of management buy-in are also preventing automation adoption, while further down the list siloed departments and a lack of trust in outcomes are also problems preventing the effective rollout of initiatives.”
Still, the researchers note that the responses in this area have improved compared to last year’s survey.