Survey results highlight that cybersecurity automation is now an important part of cybersecurity professionals’ defensive strategy – but organizations want highly targeted, customized automation and threat intelligence that enables them to collaborate.
ASHBURN, VA. USA – November 19, 2024 – ThreatQuotient™, a leading threat intelligence platform innovator, today released the Evolution of Cybersecurity Automation Adoption 2024. Based on survey results from 750 senior cybersecurity professionals at companies in the U.K., U.S. and Australia from a range of industries, this in-depth research report examines the progress senior cybersecurity professionals are making towards adopting automation, its key use cases and the challenges they face. The fourth edition of this annual survey highlights how automation is maturing and how, in a world of continuous change, organizations are adopting cybersecurity automation for resilience, scale and collaboration. The report examines approaches to integration, whether respondents are taking a single-vendor platform approach or best-of-breed, the adoption of AI and the importance of cyber threat intelligence sharing.
Eight-in-ten respondents (80%) now say cybersecurity automation is important, up from 75% last year and 68% the previous year. Additionally, budget for cybersecurity automation has increased every year, and this year’s survey is no different with 99% of respondents increasing spend on automation. Interestingly, 39% of respondents now have net new budget specifically for automation, a significant rise on the 18.5% who said this last year. Previously, decision-makers were diverting budget from other cybersecurity tools or reallocating unused headcount funds. In 2024 respondents have a better understanding of key uses cases and the benefits automation delivers is helping them make a stronger business case for dedicated budget, which is another indication that cybersecurity automation is maturing.
Key research findings also include:
- Key use cases: Incident response was the top use case for automation (32%), rising consistently through the course of the study. This was followed by phishing analysis (30%) and threat hunting (30%) which has also continued to rise.
- Challenges are evolving: Nearly every survey participant reported problems with cybersecurity automation: the top three challenges were technological issues, lack of budget and lack of time. As automation deployments mature, trust in the outcomes of automated processes has increased. Just 20% of respondents reported a lack of trust in outcomes, compared to 31% last year. In 2023 there was also significant concern around bad decisions, slow user adoption and lack of skills, but these concerns have abated in 2024.
- Top measurement metrics: Employee satisfaction and retention remains the main metric for assessing cybersecurity automation ROI for 43% of leaders, but this has dropped from 61.5% citing it as the key metric in 2023. Resource management, in terms of staff efficiency, effectiveness and budget (42%), and how well the job is being done in terms of MTTR and MTTD (38%) have both become more prevalent as measurement tools as organizations home in on metrics more closely linked to productivity and efficiency.
- Growth in threat intelligence sharing: Ninety-nine percent of cybersecurity professionals say they share cyber threat intelligence through at least one channel; 54% share cyber threat intelligence with their direct partners and suppliers and 48% share with others in their industry through official threat sharing communities.
- Integration is key: Two thirds (67%) of respondents integrate best of breed solutions into their architecture to effectively deliver their cybersecurity strategy. Regardless of whether they focus solely on best of breed tools or they start with a single vendor platform and then supplement with best of breed tools, integrating tools is an important activity.
- AI gathers momentum: Fifty eight percent of respondents say they are using AI in cybersecurity. Half are using it everywhere, and half in specific use cases. A further 20% are planning deployments in the year ahead.
- Expected attack vectors in the year ahead: Cyber-physical attacks are considered most likely in the year ahead, followed by phishing and ransomware. Although not a top three attack vector, 20% of respondents expect to see attacks via the supply chain and one in five see state-sponsored attacks affecting their business.
“It is tough for cybersecurity professionals who now face fast-changing cyber and cyber-physical threats of unprecedented sophistication, volume, velocity and variety,” said Leon Ward, Vice President, Product Management, ThreatQuotient. “Defending their business is an enormous task, and cybersecurity professionals must become more resilient.
“What we are seeing in this ‘new normal’ landscape is the need for more automation, scale and better threat intelligence sharing. A collaborative approach to cybersecurity helps organizations better defend as industries scale their knowledge to respond to attacks.”
As organizations double down on cybersecurity automation use cases that deliver value and embrace more intelligence sharing, this will result in more effective and proactive cyber defense. This year the survey highlights the focus has shifted toward ROI metrics that are more closely linked to productivity and efficiency and – while employee retention and satisfaction remains important – it is no longer heavily outweighing performance and efficiency KPIs.
Ward concludes, “We believe that scaling security operations and collaboration across teams, ecosystems and industries is the most urgent challenge facing cybersecurity professionals. Successfully uniting human expertise, automation and AI and enabling seamless integration across tools and intelligence feeds will drive cyber resilience and agility at organizational, industry, and international levels.”
To download the full Evolution of Cybersecurity Automation Adoption in 2024 report, including more detail on the survey questions, regional and industry snapshots, and recommendations for senior security professionals to follow if they are looking to automate their security processes, click here. To access the report, click here.
Report Methodology
Leading threat intelligence platform innovator, ThreatQuotient, commissioned a survey undertaken by independent research organization, Opinion Matters, in June 2024. 750 senior cybersecurity professionals in the UK., US. and Australia from companies employing 2,000+ people from a range of industries including Central Government, Defense, Critical National Infrastructure, Retail, and Financial Services sectors, with 150 respondents from each.
About ThreatQuotient
ThreatQuotient improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. ThreatQ is the first purpose-built, data-driven threat intelligence platform that helps teams prioritize, automate and collaborate on security incidents; enables more focused decision making; and maximizes limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high fidelity data. ThreatQuotient’s industry leading integration marketplace, data management, orchestration and automation capabilities support multiple use cases including threat intelligence management and sharing, incident response, threat hunting, spear phishing, alert triage and vulnerability management. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe, MENA and APAC. For more information, visit www.threatquotient.com.
Media Contact
Paula Elliott
C8 Consulting for ThreatQuotient
+44 7894 339645
[email protected]