AI tools are taking off in cybersecurity, but security workers aren't quite ready to go all-in.
According to a new study from ISC2, three-in-ten practitioners already AI tools in their daily workflows, while 42% are exploring or testing their adoption.
Just 10% of respondents to the survey said they have no plans at all to use AI at work.
In terms of industries, industrial enterprises (38%), IT services (36%), and professional services organizations (34%) lead in the adoption of AI security tools.
Financial services and the public sector have the lowest current adoption rates, at 21% and 16% respectively.
Of those who have already adopted AI security tools, 70% reported positive impacts on their team’s overall effectiveness.
Similarly, they're seeing benefits in network monitoring and intrusion detection, cited by 60%, endpoint protection and response with 56%, and vulnerability management, cited by half.
Meanwhile, 45% said they saw improvements in threat modelling and 43% in security testing.
Casey Marks, chief qualifications officer at ISC2, said the report shows enthusiasm for AI is growing in security alongside other industries, but professionals in this space are far more cautious about adoption and integration.
“Our latest AI survey shows cautious but growing interest in AI security tools, with adoption expected to accelerate in the future,” Marks commented.
What companies are using AI tools for cybersecurity?
It's the biggest organizations - those with more than 10,000 employees - that are leading the adoption of AI security tools, with 37% actively using them.
ISC2 also noted that mid-sized firms with between 500 and 2,499 employees and those with fewer than 99 employees show the lowest adoption rates. Only 20% in each of these groups are actively using AI for cybersecurity purposes.
Naturally, the smallest organizations are also the most conservative, with 23% reporting no plans to evaluate AI security tools.
Teams do expect to see an effect on hiring, with just over half saying that AI will probably reduce the need for entry-level staff.
However, 31% reckoned that AI will also create new types of entry- and junior-level roles or increase demand, helping to counter the decline in early career opportunities elsewhere.
More than four-in-ten said their organization’s cybersecurity hiring hadn't yet been affected by the introduction of AI security tools, with only 21% saying AI has changed their hiring plans and priorities.
However, 44% said their organization was actively reconsidering the roles and skills needed to support the adoption and use of AI security tools.
"Encouragingly, 44% of professionals report no impact on hiring from current or expected adoption of AI security tools, and 28% see AI creating new opportunities for entry-level talent," said Marks.
"Findings suggest that AI is helping cybersecurity professionals by automating repetitive tasks and enabling them to focus on more meaningful work.”
There is, though, some hesitancy about the pace of change. Almost half of security leaders and practitioners recently told penetration testing firm Cobalt that they'd like a 'strategic pause' to recalibrate their defences.
Meanwhile, some experts have warned practitioners could become over-reliant on AI, which will ultimately lead to a loss of important skills, complacency, and dangerous consequences for enterprises.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
A new, silent social engineering attack is being used by hackersNews Security researchers have warned the 'FileFix' technique, which builds on the notorious 'ClickFix' tactic, is being used in the wild by threat actors.
-
Marc Benioff isn’t convinced about the threat of AI job lossesNews Marc Benioff thinks fears over widespread AI job losses may be overblown and that Salesforce's own approach to the technology shows adoption can be achieved without huge cuts.
-
A new, silent social engineering attack is being used by hackers – and your security systems might not notice until it’s too late
News Security researchers have warned the 'FileFix' technique, which builds on the notorious 'ClickFix' tactic, is being used in the wild by threat actors.
-
MSPs emerge as key security partners for mid-market enterprisesNews The MSP Customer Insight Report reveals 85% of mid-sized organizations now rely on MSPs for security support
-
Application layer DDoS attacks are skyrocketing – here's whyNews The industry is seen as a prime target thanks to a reliance on online services and real-time transactions
-
Arrests made after huge HMRC scam campaign hit 100,000 accountsNews The Romanian nationals are accused of having used stolen data to make fraudulent claims
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaosNews Thousands of ransomware cases have already been posted on the dark web this year
-
Ingram Micro cyber attack: IT distributor says system restoration underway – but some customers might have to wait for a return to normalityNews Ingram Micro is gradually getting back on its feet after a recent cyber attack severely disrupted systems.
-
M&S chair calls for mandatory reporting of cyber attacks after "traumatic" ransomware incident – but will it do more harm than good?News M&S chair Archie Norman has called for mandatory reporting amid claims two large UK companies were hacked without any public knowledge.
-
Arrests made in hunt for hackers behind cyber attacks on M&S and Co-opNews The suspects remain in custody for questioning by officers from the NCA's National Cyber Crime Unit
