by Leon Ward, Chief Transformational Officer, Securonix
When you work in cybersecurity, whether you’re steering the operational team or working in a more strategic role, the mission is the same: protect the business. But when it comes to executing that mission, finding consensus on the best approach can be hard. At this pivotal point in the evolution of cybersecurity, as automation becomes table stakes and AI adoption accelerates, it is important that stakeholders are pulling in the same direction. However, recent ThreatQuotient research highlights real differences in how CISOs and Heads of IR approach the introduction of AI into cybersecurity strategy and practice. By recognizing and resolving this disconnect, organizations can improve the chances of successfully deploying automation and AI.
Automation: a maturing approach laying foundations for AI
We have been tracking the state of automation adoption in cybersecurity for the past five years. This year showed a decisive shift: 97% of organizations say cybersecurity automation is now business critical.
On this point, CISOs and Heads of IR agree. At both strategic and tactical levels, the value of automating cybersecurity processes, such as alert triage, phishing analysis, and threat hunting, is understood.
However, when the conversation shifts to introducing AI into cybersecurity and layering autonomous decision-making capabilities onto automation, the two roles begin to follow different paths. Disparities start with the fundamental question of what is driving AI adoption. Among the CISOs we surveyed, 60% say productivity is the main driver; they want to use AI to go faster, accelerating processes and outcomes. All the other roles we surveyed agree that potential productivity gains are motivating their AI investment. However, among Heads of Incident Response, more than half (58%) are seeking greater efficiency. In other words, they want to do more with less, seeking to maximize the impact of the resources they currently have. This potentially reflects that Heads of IR have a clearer understanding of the skills gaps and recruitment challenges affecting their workforce and see AI adoption as a route to resolve these.
The leadership paradox: senior leaders are both drivers and blockers for AI adoption
Our research found that CISOs and Heads of IR agree that the dominant push for AI adoption in cybersecurity is coming from the board. However, paradoxically, one of the main barriers to implementing AI is achieving management buy-in for AI projects. This affects 32% of the Heads of IR that we surveyed, more than any other role. The apparent contradiction highlights the fact that leaders – including CISOs – are keen to realize the expected strategic benefits of adopting AI, but are uncertain about its tactical applications, leading management executives to be cautious about throwing support behind proposals.
This situation echoes what we tracked in our research on automation, where management buy-in was frequently cited as a top barrier in the early days of implementation. However, as use cases became more defined and refined, management confidence grew, and with it support for more extensive automation adoption.
Right now, however, this is little comfort to Heads of IR. They have identified a range of AI use cases, chief among them vulnerability assessments, prioritization and management, and assisting with triage and analysis. Clearly, operationalizing these use cases will support their drive for efficiency and reduce the burden on under-pressure teams, but they are struggling to secure the buy-in they need to proceed.
Still more frustratingly, Heads of IR are not short of budget. Among all the roles we surveyed, Heads of IR were by far the most likely to have net new budget for cybersecurity automation; more than two-thirds of respondents can draw on new funds. However, unless they can convince leaders of the value of their use case, they will struggle to implement their planned projects.
ROI on AI: people vs performance
The challenges outlined above are reflected in how Heads of IR responded when we asked how they assess the ROI of cybersecurity AI projects. Sixty-eight percent said they judge success by how well they are doing the job, measured by mean time to detection and response, compared with an average of 49% among other roles. In part, this performance-focused approach reflects the frontline nature of their role, but it also indicates a desire to justify investment with clear evidence of performance improvement, rather than with less tangible measures such as employee satisfaction and team and resource management, which CISOs are more likely to use.
Aligning CISOs and IR professionals: why it matters
Undoubtedly, the different mindsets that CISOs and Heads of IR bring to adopting AI in cybersecurity stem from their unique focus and priorities. Each views risk and potential through their own lens. However, if leadership and operational teams are not aligned on the purpose of AI adoption, there is a risk of deploying technologies that do not fully address the needs of those on the front lines – something that is especially frustrating to IR leaders who are clear on their use cases for AI, the benefit they’ll deliver, and how they will prove ROI.
In an environment as fast-paced and high-stakes as AI in cybersecurity, what’s needed is a flattening of hierarchies and open channels of consultation between strategically driven CISOs and cybersecurity practitioners such as Heads of IR. By resolving the leadership paradox through greater understanding of drivers, motivations, and key AI use cases, organizations can overcome some of the challenges that we witnessed during the adoption of cybersecurity automation and ensure they don’t become barriers to success in implementing AI in cybersecurity.





