AI a force multiplier for the bad guys, say cyber pros
A slender 54% majority of UK cyber security professionals believe threat actors stand to benefit more from artificial intelligence (AI) than they do, according to a report on sector attitudes compiled by the Chartered Institute of Information Security (CIISec).
All told, 89% of those who took part in the organisation’s latest State of the security profession report said they thought AI would benefit attackers, compared with 84% who thought it would benefit the cyber security industry directly.
The study also exposed a lack of planning for AI among UK businesses, with 44% of cyber professionals saying their organisation was broadly unaware of the risks posed by AI and did not have sufficient policies in place to ensure it was being used safely – although despite this, 85% were at least considering the use of AI themselves.
The CIISec report showed that AI and machine learning will be the most influential technology in the security sector in 2025 by a country mile, with 51% agreeing, compared with zero trust, cited by just 7%, and security hygiene basics, also cited by 7% of respondents.
“Whilst the AI revolution will undoubtedly benefit many business functions, it’s presenting more questions than answers for cyber security professionals. There’s a huge risk of both cyber criminals weaponising the technology and employees with a lack of risk awareness inadvertently leaving their organisation vulnerable when using it,” said Amanda Finch, CEO of CIISec.
“The security industry needs to build knowledge of the threats posed by AI – particularly generative AI – whilst it’s still in its relative infancy. Educating people just entering the industry and those looking to start a career in cyber will be particularly vital, as they’ll be defending against AI attacks for decades to come. This will help to inform security practices and help cyber security professionals to educate the wider business about risk and safety.”
Beyond the cutting edge
As always, CIISec’s annual report also explored broader security industry trends, where it found some areas of general improvement, but also much to be concerned about.
Whilst the AI revolution will undoubtedly benefit many business functions, it’s presenting more questions than answers for cyber security professionals Amanda Finch, CIISec
For example, average sector wages now stand at over £87,000, up £25,000 from its first such report covering the 2016-17 period – an indication that, for security professionals at least, earnings growth has not only kept up with, but outpaced inflation.
Security professionals also tended to believe that, as an industry, they were doing better at defending against and dealing with cyber incidents, but many said this is unsustainable – 80% think their budgets are either rising too slowly, flatlining, or outright declining, compared with 11% who think budgets are rising in line with threat levels. Many believed a period of stagnation in security may lie ahead.
Coupled with this, almost a quarter of cyber security professionals said they felt overworked, and over half said they had had trouble sleeping due to the pressures of the job. And well they might, because when asked about well-handled and poorly handled incidents, just 57% could name one that had been handled appropriately while 97% could remember a mismanaged breach.
Talent gap widened by diversity failings
Finally, this year’s report also explored how a lack of attention to diversity within the security sector is widening the skills gap. Between people, processes and technology, it is people, said CIISec, that pose the greatest operational challenge, with analytical thinking and problem-solving skills in particular shortage.
The sector also remains an exclusive one, with only 19% of entry-level cyber professionals not holding a degree, and only 10% women. Retention is also a growing issue, with only 41% of cyber professionals predicting they would be in the same role two years from now.
“Cyber security professionals face so many challenges, many of which – such as the economy and the advanced threat landscape – are out of their control. But bridging the skills gap with improved recruitment and retention is one area where the industry can exert influence and drive improvements,” said Finch.
“If the cyber security industry wants to attract and keep its talent, it must diversify recruitment practices, hiring based on skills rather than experience or qualifications. Issues such as stress and career progression will also need to be addressed to help retain staff. With an ever-widening skills gap and more advanced threats driven by AI, failing to attract talent to the industry will hinder efforts to make the world a safer place, both today and in the future.”
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Manage your privacy
To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
