A slender 54% majority of UK cyber security professionals believe that cyber criminals are more likely to benefit from artificial intelligence (AI) than those working to protect against threats. This finding comes from a recent report by the Chartered Institute of Information Security (CIISec). A striking 89% of participants in the State of the Security Profession report think AI will help attackers, while 84% see potential benefits for the cyber security industry.
The report also highlights a worrying trend: many UK businesses lack a solid understanding of the risks associated with AI. Forty-four percent of cyber professionals indicated their organizations don’t have proper policies in place to use AI safely. Yet, despite these concerns, 85% of respondents are at least considering using AI themselves.
CIISec points out that by 2025, AI and machine learning will emerge as the leading technologies in the security sector, with 51% of professionals in agreement. This dwarfs other mentioned strategies like zero trust and basic security hygiene, which only received 7% support each. Amanda Finch, the CEO of CIISec, notes, “The AI revolution benefits many business functions, but it raises more questions than answers for cyber security pros. There’s a significant risk of cyber criminals exploiting this tech and employees accidentally putting their organizations at risk.”
Finch emphasizes the urgent need for the security industry to understand the threats posed by AI, particularly generative AI. Educating newcomers in the field is crucial. As they will be defending against AI-driven attacks for years to come, building solid knowledge now will be vital for shaping security practices and informing staff about risk management.
Shifting focus, CIISec’s annual report also highlights some industry trends, revealing both improvements and serious concerns. Average salaries in the sector have climbed to over £87,000, an increase of £25,000 since the 2016-17 report, suggesting that earnings growth is outpacing inflation for security professionals. While many feel they’re improving at defending against cyber incidents, an alarming 80% believe their budgets aren’t keeping up with the rising threat landscape.
The atmosphere in the workplace looks tense, too. Nearly a quarter of cyber professionals report feeling overworked, and over half have struggled with sleep due to job-related stress. When asked about incident handling, only 57% could identify a well-managed case, while 97% recalled a poorly handled breach.
On top of this, the talent gap in the industry is widening, largely due to a lack of diversity. There’s a pressing need for analytical thinkers and problem solvers. Shockingly, only 19% of entry-level cyber professionals lack a degree, and women make up just 10% of the workforce. Retention is a growing concern, with only 41% of cyber professionals expecting to stay in their current roles for the next two years.
Finch comments, “Cyber security professionals face many challenges, many beyond their control. But we can influence the skills gap by improving recruitment and retention.” She stresses that the industry needs to diversify its hiring practices, focusing on skills over traditional qualifications. Addressing stress and career progression is also essential to keep talent on board. The need to attract skilled professionals is critical, especially with AI advancing threats and the skills gap only getting wider.