ThreatQuotient Publishes 2023 State of Cybersecurity Automation Adoption Research Report

Survey results highlight the expanding importance of automation, a change in how cybersecurity professionals determine ROI, and how cybersecurity teams believe they can avoid burnout 

ThreatQuotient™, a leading security operations platform innovator, today released the State of Cybersecurity Automation Adoption 2023. Based on survey results from 750 senior cybersecurity professionals at companies in the U.K., U.S. and Australia from a range of industries, this global research report examines the drivers and challenges for implementing cybersecurity automation in today’s enterprises. The third edition of this annual survey highlights how automation has become significantly more important compared to 2022 results.

Three quarters of respondents (75%) now say cybersecurity automation is important, up from 68% last year. Additionally, compared to last year, a higher percentage of respondents are automating key areas of their cybersecurity programme. The most notable use case increase is in alert triage, with 30% now using automation compared to 18% in 2022. There has also been a 5% rise in the use of automation for vulnerability management. Overall, phishing analysis is the most common use case for automation in 2023, adopted by 31% of respondents.

 

Key research findings also include:

  • Every survey participant reported problems with cybersecurity automation: the top three challenges are lack of trust in outcomes, slow user adoption, and bad decisions such as incorrectly blocking benign domain names or innocent emails.
  • Insufficient budget, growing regulatory and compliance challenges, and high team churn rates are the top three challenges facing cybersecurity teams.
  • Employee satisfaction and retention has become the main metric for assessing cybersecurity automation ROI for more than 60% of leaders, outweighing other measures such as how well the solution is performing in security terms.
  • Leaders believe cybersecurity team wellbeing would be improved by smarter tools that simplify work, greater flexibility over working hours and location, and increasing team headcount.
  • Budget for automation projects is now less likely to be net new allocations – only 18.5% have new budget this year, a drop from 34% last year. 57% are allocating budget from outside the team, while 46% have increased it by allocating budget from other tools.
  • Increasing efficiency is a main driver for cybersecurity automation for 41% of respondents, closely followed by regulation and compliance (38%) and increasing productivity (36.5%). Interestingly, maintaining cybersecurity standards dropped from joint first last year to fifth place this year.
  • Integration with multiple data sources (24%), training availability (23%), and automated reporting (21%) top the wish list for organisations when choosing cybersecurity automation solutions.

 

“Implementing cybersecurity automation is a complex and multifaceted undertaking, as borne out by the last three years of our research,” said Leon Ward, Vice President, Product Management, ThreatQuotient. “While most surveyed organisations say cybersecurity automation is important to their business, there are signs of dissatisfaction, with all but one respondent saying they have encountered problems. That said, there are proven use cases for automation, and we believe the main barriers encountered are due to early adoption of solutions that didn’t deliver on their potential and had a lack of integration capabilities.”

 

On the topic of measuring the ROI of cybersecurity automation, Ward notes: “The shift in how businesses measure ROI is significant, indicating a change in what organisations view as the “point” of investing in cybersecurity automation – the prime motivation is to improve the experience of employees. By allowing automation to shoulder the burden of lower value, repetitive activities, and release analysts for more interesting and fulfilling work, companies can improve employee satisfaction, wellbeing, and reduce churn.”

Ward continues: “With ROI measured on the basis of team satisfaction and retention, vendors need to incorporate the human benefits of their solution into product design and messaging. There are several developments on the horizon that should respond to this need, including the introduction of AI (artificial intelligence) and greater rollout of low and no-code solutions.”

 

To download the full State of Cybersecurity Automation Adoption in 2023 report, including more detail on the survey questions, regional and industry snapshots, and recommendations for senior security professionals to follow if they are looking to automate their security processes, click here.

 

Report Methodology

Leading security operations platform innovator, ThreatQuotient, commissioned a survey, undertaken by independent research organisation, Opinion Matters, in June 2023. 750 senior cybersecurity professionals in the UK., US. and Australia from companies employing 2000+ people from a range of industries including: Central Government, Defence, Critical National Infrastructure, Retail, and Financial Services sectors, with 150 respondents from each.

 

About ThreatQuotient

ThreatQuotient improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. ThreatQuotient’s data-driven security operations platform helps teams prioritise, automate, and collaborate on security incidents; enables more focused decision making; and maximises limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high fidelity data. ThreatQuotient’s industry leading data management, orchestration and automation capabilities support multiple use cases including incident response, threat hunting, spear phishing, alert triage, vulnerability prioritisation, and can also serve as a threat intelligence platform. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe, MENA and APAC. For more information, visit www.threatquotient.com.