Automation Poised to Change IT Staffing Models

Automation will decrease headcount in the IT security function, according to 51 percent of IT security practitioners surveyed for the third annual Staffing the IT Security Function in the Age of Automation report published in February 2020 by the Ponemon Institute and DomainTools.

The survey analyzed the effect of automation on current IT security practices and staffing in the United States and the United Kingdom, finding that 77 percent of companies currently use or are planning to use automation in the next three years.

The cybersecurity skills shortage continues to be a theme in the latest report; 69 percent of respondents said their organizations’ IT security functions are understaffed—a slight improvement from 75 percent in 2019. Employees’ concerns about losing their jobs because of automation ticked up to 37 percent from 28 percent.

Automation has received mixed reviews in IT security departments. While 74 percent of respondents said automation enables staff to focus on more serious vulnerabilities and overall network security, only 40 percent said automation reduces human error. And half of the survey respondents said automation will make their jobs more complex.

In addition, 54 percent of respondents said automation will never replace human intuition and hands-on experience, and 74 percent said automation is incapable of fulfilling certain IT security staff tasks.

“As adoption of automation becomes more mainstream and improves the effectiveness and efficiency of IT security staff, they are anticipating that they will be able to accomplish more with fewer bodies,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a press release. “What is more likely is for there to be a consolidation of existing roles, rather than an elimination. This means better opportunities for employees to up-level their current skills to create more value-added roles as the human side of security remains as important as ever.”

So far, automation is producing some tangible results for IT security. According to the report, 60 percent of employees surveyed said automation is reducing stress in their lives. Respondents also said automation increases productivity by reducing false positives and false negatives, increasing the speed of threat analysis, and prioritizing threats and vulnerabilities.