The 2019 DomainTools and Ponemon study on automation and cybersecurity staffing in Asia Pacific, United States and the UK reveals an evolving Asia Pacific cybersecurity arena.
More than 1,400 security professionals based across the Asia Pacific (APAC), US, and the UK were surveyed for the Staffing the IT Security Function in the Age of Automation study. All respondents in the study are responsible in attracting, hiring, promoting and retaining cybersecurity personnel within their organisations. They revealed their concerns regarding the adoption of automation and AI as cybersecurity tools.
DomainTools is a leader in domain name and DNS-based cyber threat intelligence, while the Ponemon Institute is a research centre dedicated to privacy, data protection and information security policy.
A Skill Shortage Across All 3 Geographical Regions
The study showed a clear shortage of cybersecurity staff across all the geographical regions surveyed, with 78% of all respondents admitting their teams are understaffed.
According to respondents, automation will partially solve the problem, relieving cybersecurity professionals of time-consuming and non-cost-effective tasks, such as malware analysis, which is either already automated (50%), or is to become so in the next three years (56%).
Only 35% of respondents, however, think that automation will reduce the headcount of their cybersecurity function: 40% even expect an increased need for hires with more advanced technical skills.
"Within just one year, the perspective around adoption of automated technologies has notably shifted among cybersecurity professionals," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "Contrary to the popular belief that the rise of automation will threaten the job market, organisations now feel these technologies will help ease the current strain on resources, and offer the potential to promote job security for highly skilled staff, while strengthening cybersecurity defenses."
UK and US respondents were much more confident that automation will improve their cybersecurity staff's ability to do their job (59% and 65% of respondents, respectively) than Asia Pacific respondents (48%), who were also more likely to distrust AI as a cybersecurity tool (37% of respondents, compared to 31% in the UK and 24% in the US).
Asia Pacific Ahead In Cybersecurity Skills Availability
Skills shortages also seemed to be lower in Asia Pacific (67%) compared to the UK (70%) and the US (78%), perhaps partially explaining the different level of reliance and trust on automation and AI across regions.
At the same time, the survey reported that 40% of respondents expect an increased need for hires with more advanced technical skills, especially in Asia Pacific where governments and educational institutions are already accelerating specialised cybersecurity programmes and initiatives, such as the ASEAN-Singapore Cybersecurity Centre of Excellence announced during the Asean Ministerial Conference on Cybersecurity in September 2018, with ASEAN nations adopting a rules-based approach to regional cybersecurity frameworks. ASEAN, or the Association of Southeast Asian Nations, is a 10-nation group comprised of Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam.
Of those respondents who said AI is trusted as a security tool in their organisations, the majority listed staff shortages as the main reason why their enterprise has adopted the solution (53%).
"The results of the survey reveal that, overall, cybersecurity professionals are confident that automation will make their workload more manageable and will increase the accuracy of certain tasks, without jeopardising their job security," says Corin Imai, senior security advisor at DomainTools.
"Although there are geographical differences in the level of confidence placed in AI and automation as cybersecurity tools, the reasons that motivate their adoption – relieving overworked teams, preventing downtime and business disruptions, reducing threats created by operating in the global digital economy, etc. – seem to be consistent across regions, suggesting that goals and expectations are aligned for organisations across the globe."