AI advancements pose challenges for cybersecurity sector

The Chartered Institute of Information Security (CIISec) has released its annual "State of the Security Profession" report, highlighting AI as a principal concern for cybersecurity professionals.

The report reveals that 54% of cybersecurity professionals believe that attackers will gain more from AI advancements than defenders. These insights come as AI continues to be a dominating force in the tech industry, with 51% of those surveyed indicating AI and machine learning as the most influential technologies in the next year. By comparison, only 7% anticipated technologies like zero trust and cybersecurity hygiene as comparable influencers.

Many security professionals, however, feel unprepared for these new challenges. Nearly half, 44%, expressed concern that their organisations lack awareness of AI-related risks and do not have policies in place to manage these challenges securely. Despite this, a significant number, 85%, are considering the integration of AI in their security roles.

Amanda Finch, CEO of CIISec, commented on the dual-edged nature of AI's influence: "Whilst the AI revolution will undoubtedly benefit many business functions, it's presenting more questions than answers for cybersecurity professionals. There's a huge risk of both cybercriminals weaponising the technology, and employees with a lack of risk awareness inadvertently leaving their organisation vulnerable when using it."

Finch further emphasised the need for the security industry to boost its understanding of AI threats, particularly generative AI, as it remains in its developmental stages. "Educating people just entering the industry and those looking to start a career in cyber will be particularly vital, as they'll be defending against AI attacks for decades to come," she said.

The report also sheds light on trends beyond AI, pointing out both progress and challenges in the cybersecurity domain. There's an ongoing concern about budget constraints, with 80% of professionals stating that security budgets are not keeping pace with the growing threat landscape. Only 11% believe that budget increases match evolving threat levels, leading to a possible stagnation in the industry, as believed by a record number, 19%, of respondents.

While average wages for cybersecurity professionals have climbed to GBP £87,205, a rise of over GBP £25,000 since 2015, this financial uplift is coupled with heightened stress levels. A significant 55% report that job-related stress affects their ability to sleep, and nearly a quarter of respondents (22%) consider themselves overworked.

Finch identified recruitment and the skills gap as critical areas requiring attention: "Cybersecurity professionals face so many challenges, many of which – such as the economy and the advanced threat landscape – are out of their control. But bridging the skills gap with improved recruitment and retention is one area where the industry can exert influence and drive improvements." She added that diversifying recruitment by prioritising skills over degrees or specific qualifications is essential for attracting and retaining talent, stressing the need to address issues like stress and career progression as pivotal to maintaining workforce stability.

Another challenge involves the sector's lack of diversity. Currently, women make up only 10% of the cybersecurity workforce, and just 19% of employees enter the industry without a degree. Such barriers contribute to a looming skills gap, as a mere 41% of professionals predict they will remain in the same role for the next two years.

The impact of poorly managed breaches also remains a lingering memory for the industry, with 57% of professionals recalling well-handled incidents, contrasted by the 97% who remember when security was mismanaged. These enduring impressions underscore the necessity for methodical crisis management and continuous improvement.