Study Reveals 8 out 10 Security Professionals Use Unauthorized AI Tools In the Workplace

New Survey Commissioned by Devo Highlights How Cybersecurity Automation Helps Organizations Solve Talent Shortages and Boost Business Results

Cambridge, Mass. – March 14, 2023 – Devo Technology, the cloud-native security analytics company, today announced the results of a commissioned study conducted by Wakefield Research, an independent research firm, revealing that IT security professionals are turning to unauthorized artificial intelligence (AI) tools likely due to dissatisfaction with their organization’s adoption of automation in their security operation centers (SOCs).

The research illustrates how adopting cybersecurity automation drives positive business outcomes, including solving staffing shortages and mitigating cyberattacks. According to the survey, organizations are continuing to invest in cybersecurity automation in 2023, even amid economic turbulence. 

“As organizations look for long-term solutions to keep pace with increasingly complex cyberattacks, they need technologies that will automate time-consuming, repetitive tasks so security teams have the bandwidth to focus on the threats that matter most,” said Marc van Zadelhoff, Chief Executive Officer, Devo. “This report confirms what we’re already hearing from Devo customers: adopting automation in the SOC results in happier analysts, boosted business results, and more secure organizations.”

Security professionals are going rogue and using AI tools without official sign-off

According to the study, security pros suspect their organization would stop them from using unauthorized AI tools—but that’s not stopping them.

  • Nearly all IT security pros (96%) admit to someone at their organization using AI tools not provided by their company—including 80% who cop to using such tools themselves.
  • Most security professionals (97%) believe their organizations are able to identify their use of unauthorized AI tools, and more than 3 in 4 (78%) suspect their organization would put a stop to it if discovered.

Nearly all security pros are unhappy with their organization’s adoption of automation in the SOC

Organizations are failing to adopt automation effectively, forcing security pros to turn to rogue AI tools to keep up with workloads.

  • 96% of security professionals are not fully satisfied with their organization’s use of automation in the SOC.
  • Reasons for dissatisfaction with SOC automation varied from technological concerns such as the limited scalability and flexibility of the available solutions (42%) to financial ones such as the high costs associated with implementation and maintenance (39%). But for many, concerns go back to people: 34% cite a lack of internal expertise and resources to manage the solution as a reason they are not satisfied.
  • Respondents indicated that they would opt for unauthorized tools due to the better user interface (47%), more specialized capabilities (46%), and allow for more efficient work (44%).

Investing in cybersecurity automation pays off

Security teams will prioritize investments in cybersecurity automation in 2023 to solve organizational challenges, despite economic turbulence and widespread organizational cost-cutting.

  • 80% of security professionals predict an increase in cybersecurity automation investments in the coming year, including 55% who predict an increase of more than 5%.
  • 100% of security professionals reported positive business impacts as a result of using automation in cybersecurity, citing increased efficiency (70%) and financial gains (65%) as primary benefits.

Automation fills widening talent gaps

Adopting automation in the SOC helps organizations combat security staffing shortages in a variety of ways.

  • 100% of respondents agreed that automation would be helpful to fill staffing gaps in their team.
  • Incident analysis (54%), landscape analysis of applications and data sources (54%), and threat detection and response (53%) were the most common ways respondents said automation could make up for staffing shortages.

To view the survey findings, download here.

Methodology: 

The Devo Survey was conducted by Wakefield Research among 200 IT security professionals from larger organizations, defined as companies with $500+ million in revenue, between January 30th and February 9th, 2023, using an email invitation and an online survey. 

About Devo

Devo is the only cloud-native security analytics platform that releases the full potential of your data to empower bold, confident action. With unrivaled scale to collect all of your data without compromise, speed to give you immediate access and answers, and clarity to focus on the signals that matter most, Devo is your ally in protecting your organization today and tomorrow. Headquartered in Cambridge, Massachusetts, with operations in North America, Europe and Asia Pacific, Devo is backed by Insight Partners, Georgian, TCV, General Atlantic, Bessemer Venture Partners, Kibo Ventures and Eurazeo. Learn more at www.devo.com.

Devo Media Contact:

Daysi Robles Lopez
[email protected]