Despite the hype, cybersecurity teams are still taking a cautious approach to using AI tools
Most teams are enthusiastic about AI tools, but they're not going all-in just yet
AI tools are taking off in cybersecurity, but security workers aren't quite ready to go all-in.
According to a new study from ISC2, three-in-ten practitioners already AI tools in their daily workflows, while 42% are exploring or testing their adoption.
Just 10% of respondents to the survey said they have no plans at all to use AI at work.
In terms of industries, industrial enterprises (38%), IT services (36%), and professional services organizations (34%) lead in the adoption of AI security tools.
Financial services and the public sector have the lowest current adoption rates, at 21% and 16% respectively.
Of those who have already adopted AI security tools, 70% reported positive impacts on their team’s overall effectiveness.
Similarly, they're seeing benefits in network monitoring and intrusion detection, cited by 60%, endpoint protection and response with 56%, and vulnerability management, cited by half.
Meanwhile, 45% said they saw improvements in threat modelling and 43% in security testing.
Casey Marks, chief qualifications officer at ISC2, said the report shows enthusiasm for AI is growing in security alongside other industries, but professionals in this space are far more cautious about adoption and integration.
“Our latest AI survey shows cautious but growing interest in AI security tools, with adoption expected to accelerate in the future,” Marks commented.
What companies are using AI tools for cybersecurity?
It's the biggest organizations - those with more than 10,000 employees - that are leading the adoption of AI security tools, with 37% actively using them.
ISC2 also noted that mid-sized firms with between 500 and 2,499 employees and those with fewer than 99 employees show the lowest adoption rates. Only 20% in each of these groups are actively using AI for cybersecurity purposes.
Naturally, the smallest organizations are also the most conservative, with 23% reporting no plans to evaluate AI security tools.
Teams do expect to see an effect on hiring, with just over half saying that AI will probably reduce the need for entry-level staff.
However, 31% reckoned that AI will also create new types of entry- and junior-level roles or increase demand, helping to counter the decline in early career opportunities elsewhere.
More than four-in-ten said their organization’s cybersecurity hiring hadn't yet been affected by the introduction of AI security tools, with only 21% saying AI has changed their hiring plans and priorities.
However, 44% said their organization was actively reconsidering the roles and skills needed to support the adoption and use of AI security tools.
"Encouragingly, 44% of professionals report no impact on hiring from current or expected adoption of AI security tools, and 28% see AI creating new opportunities for entry-level talent," said Marks.
"Findings suggest that AI is helping cybersecurity professionals by automating repetitive tasks and enabling them to focus on more meaningful work.”
There is, though, some hesitancy about the pace of change. Almost half of security leaders and practitioners recently told penetration testing firm Cobalt that they'd like a 'strategic pause' to recalibrate their defences.
Meanwhile, some experts have warned practitioners could become over-reliant on AI, which will ultimately lead to a loss of important skills, complacency, and dangerous consequences for enterprises.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
The UK AI revolution: navigating the future of the intelligent enterpriseAs AI reshapes industries and societies, decision-makers in the UK face a critical choice: build a sovereign future or merely import it.
-
Turning the UK AI revolution into a sovereign realityThe UK AI Revolution documentary series posed difficult questions about AI’s hype, control, and future. Now, IT leaders must find the architectural answers
-
There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radarNews The new DeadLock ransomware family is taking off in the wild, researchers warn
-
Supply chain and AI security in the spotlight for cyber leaders in 2026News Organizations are sharpening their focus on supply chain security and shoring up AI systems
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
NHS supplier DXS International confirms cyber attack – here’s what we know so farNews The NHS supplier says front-line clinical services are unaffected
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacksNews Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks.
-
Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teamsNews A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
