AI tools are taking off in cybersecurity, but security workers aren't quite ready to go all-in.
According to a new study from ISC2, three-in-ten practitioners already AI tools in their daily workflows, while 42% are exploring or testing their adoption.
Just 10% of respondents to the survey said they have no plans at all to use AI at work.
In terms of industries, industrial enterprises (38%), IT services (36%), and professional services organizations (34%) lead in the adoption of AI security tools.
Financial services and the public sector have the lowest current adoption rates, at 21% and 16% respectively.
Of those who have already adopted AI security tools, 70% reported positive impacts on their team’s overall effectiveness.
Similarly, they're seeing benefits in network monitoring and intrusion detection, cited by 60%, endpoint protection and response with 56%, and vulnerability management, cited by half.
Meanwhile, 45% said they saw improvements in threat modelling and 43% in security testing.
Casey Marks, chief qualifications officer at ISC2, said the report shows enthusiasm for AI is growing in security alongside other industries, but professionals in this space are far more cautious about adoption and integration.
“Our latest AI survey shows cautious but growing interest in AI security tools, with adoption expected to accelerate in the future,” Marks commented.
What companies are using AI tools for cybersecurity?
It's the biggest organizations - those with more than 10,000 employees - that are leading the adoption of AI security tools, with 37% actively using them.
ISC2 also noted that mid-sized firms with between 500 and 2,499 employees and those with fewer than 99 employees show the lowest adoption rates. Only 20% in each of these groups are actively using AI for cybersecurity purposes.
Naturally, the smallest organizations are also the most conservative, with 23% reporting no plans to evaluate AI security tools.
Teams do expect to see an effect on hiring, with just over half saying that AI will probably reduce the need for entry-level staff.
However, 31% reckoned that AI will also create new types of entry- and junior-level roles or increase demand, helping to counter the decline in early career opportunities elsewhere.
More than four-in-ten said their organization’s cybersecurity hiring hadn't yet been affected by the introduction of AI security tools, with only 21% saying AI has changed their hiring plans and priorities.
However, 44% said their organization was actively reconsidering the roles and skills needed to support the adoption and use of AI security tools.
"Encouragingly, 44% of professionals report no impact on hiring from current or expected adoption of AI security tools, and 28% see AI creating new opportunities for entry-level talent," said Marks.
"Findings suggest that AI is helping cybersecurity professionals by automating repetitive tasks and enabling them to focus on more meaningful work.”
There is, though, some hesitancy about the pace of change. Almost half of security leaders and practitioners recently told penetration testing firm Cobalt that they'd like a 'strategic pause' to recalibrate their defences.
Meanwhile, some experts have warned practitioners could become over-reliant on AI, which will ultimately lead to a loss of important skills, complacency, and dangerous consequences for enterprises.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
HSBC partners with Mistral to fuel bank-wide generative AI adoptionNews The multi-year, strategic partnership will focus on transforming a range of services and tasks from customer-facing to fraud detection and more
-
Google drops cloud complaint against MicrosoftNews Anticompetitive concerns aren't gone, but Google is leaving the battle to the EC instead
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
-
Microsoft opens up Entra Agent ID preview with new AI featuresNews Microsoft Entra Agent ID aims to help manage influx of AI agents using existing tools
