Over the past 10-15 years, cybersecurity has gone from being a topic of conversation for IT staff in the back office to a business imperative on the minds of top executives. The closer the cyber conversation got to the boardroom; the higher the security team’s stress levels became.
Today, cloud, remote work and AI are exacerbating this stress. Meanwhile, ransomware and other cyberattacks are soaring, pushing cyber professionals to the brink of exhaustion. Practitioners find themselves working longer hours and have become increasingly worried about failure – as mega-breaches play out so publicly in the media.
Five years ago, two-thirds of CISOs were considering a job change or leaving the industry entirely. Today, nearly two-thirds (62%) of polled IT security leaders say they’ve experienced burnout at least once; meanwhile, nearly half (44%) have reported multiple instances.
Let’s zero in on one of those stressors, AI, which has dominated business and security conversations for nearly two years but is truly a double-edged sword.
Security teams are meeting new mandates to shoe-horn AI more directly into their day-to-day roles. Mostly, this is an effort to counter surging threats, including more advanced, automated cyberattacks. However, without the proper organizational approach and long-term plan, AI will actually worsen security burnout.
AI Adoption Means More Work for IT
In the face of greater AI adoption and 3.5 million unfilled cyber jobs, the responsibilities of IT staffers are only growing. Now, not only do they have the traditional IT and security tasks to cover – including round-the-clock alarms and fire-drills – they’re also responsible for rolling out AI deployments and training. Plus, as adversaries use it to launch more attacks, IT departments may have to push other priorities down the list.
This added security risk, with increasingly limited resources, will demand an unprecedented reprioritization of practitioners’ time. In fact, aside from significant upfront investment, AI implementation requires system integration, database training, and maintenance, along with specialized knowledge and, potentially, a considerable amount of retraining. It could double- or even triple-task current teams.
No matter how you slice it, AI can add layers of management that may slow processes or create new challenges – at a time when 84% of polled cyber professionals cite stress primarily related to workload and project volume. These factors may breed more burnout and even more job openings as security pros decide they simply can no longer take the stress.
But it isn’t all negative.
First, Cover the Basics
Like any technology, AI comes with its share of complexities. But its cybersecurity benefits can be numerous: automating routine tasks, enhancing threat detection, triggering automated responses to common incidents, or simulating attack scenarios. Ideally, AI tools can free up practitioners to focus on high-priority issues, thus reversing burnout.
However, maximizing AI depends on two critical elements: existing security strength and tactical deployment. Let’s consider the first. To spare teams from failure or burnout down the line, they should not immediately over-index on AI security features unless they’re adequately prepared and have met specific criteria. This includes: an effective vulnerability management program, secure endpoints, data encryption, strong identity and access management (IAM) systems, and workable incident response plans.
Without foundational security, AI tools can worsen tool-sprawl and stress, instead of actually solving problems and providing ROI.
link