Despite the hype, cybersecurity teams are still taking a cautious approach to using AI tools
Most teams are enthusiastic about AI tools, but they're not going all-in just yet
AI tools are taking off in cybersecurity, but security workers aren't quite ready to go all-in.
According to a new study from ISC2, three-in-ten practitioners already AI tools in their daily workflows, while 42% are exploring or testing their adoption.
Just 10% of respondents to the survey said they have no plans at all to use AI at work.
In terms of industries, industrial enterprises (38%), IT services (36%), and professional services organizations (34%) lead in the adoption of AI security tools.
Financial services and the public sector have the lowest current adoption rates, at 21% and 16% respectively.
Of those who have already adopted AI security tools, 70% reported positive impacts on their team’s overall effectiveness.
Similarly, they're seeing benefits in network monitoring and intrusion detection, cited by 60%, endpoint protection and response with 56%, and vulnerability management, cited by half.
Meanwhile, 45% said they saw improvements in threat modelling and 43% in security testing.
Casey Marks, chief qualifications officer at ISC2, said the report shows enthusiasm for AI is growing in security alongside other industries, but professionals in this space are far more cautious about adoption and integration.
“Our latest AI survey shows cautious but growing interest in AI security tools, with adoption expected to accelerate in the future,” Marks commented.
What companies are using AI tools for cybersecurity?
It's the biggest organizations - those with more than 10,000 employees - that are leading the adoption of AI security tools, with 37% actively using them.
ISC2 also noted that mid-sized firms with between 500 and 2,499 employees and those with fewer than 99 employees show the lowest adoption rates. Only 20% in each of these groups are actively using AI for cybersecurity purposes.
Naturally, the smallest organizations are also the most conservative, with 23% reporting no plans to evaluate AI security tools.
Teams do expect to see an effect on hiring, with just over half saying that AI will probably reduce the need for entry-level staff.
However, 31% reckoned that AI will also create new types of entry- and junior-level roles or increase demand, helping to counter the decline in early career opportunities elsewhere.
More than four-in-ten said their organization’s cybersecurity hiring hadn't yet been affected by the introduction of AI security tools, with only 21% saying AI has changed their hiring plans and priorities.
However, 44% said their organization was actively reconsidering the roles and skills needed to support the adoption and use of AI security tools.
"Encouragingly, 44% of professionals report no impact on hiring from current or expected adoption of AI security tools, and 28% see AI creating new opportunities for entry-level talent," said Marks.
"Findings suggest that AI is helping cybersecurity professionals by automating repetitive tasks and enabling them to focus on more meaningful work.”
There is, though, some hesitancy about the pace of change. Almost half of security leaders and practitioners recently told penetration testing firm Cobalt that they'd like a 'strategic pause' to recalibrate their defences.
Meanwhile, some experts have warned practitioners could become over-reliant on AI, which will ultimately lead to a loss of important skills, complacency, and dangerous consequences for enterprises.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Why patching velocity matters as Claude Mythos supercharges vulnerability discoveryFrontier AI models such as Claude Mythos and GPT-5.5 make patching more urgent than ever. How can firms increase the velocity at which they apply fixes and mitigations?
-
The UK is running on fumes as data center build-outs can’t keep pace with demandNews The country's vacancy rate has dropped sharply, with much of the pipeline early-stage and uncertain
-
‘These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out’: Anthropic warns AI is helping lower the bar for up-and-coming hackersNews AI is making it harder to differentiate between high and low-skilled actors
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Google says AI is now being used to build zero-days – and we just narrowly avoided a 'mass exploitation event'News Google cyber researchers think they’ve found the first AI-generated zero-day exploit
-
UK firms left in the dark over what workers are sharing with AINews Security teams can’t keep track of what workers are sharing with AI applications, regardless of whether they’re approved or unauthorized
-
AI is now a ‘standard part of the attacker toolkit’News Cyber attacks are increasing in scale, intensity, and velocity thanks to AI, and it’s forcing defenders to react faster than ever before
-
AI is raising the stakes for cyber professionals – Claude Mythos just took things to another levelNews AI efficiency gains work both ways, and threat actors are already capitalizing on powerful new tools
