A year ago, predictions for a tumultuous cybersecurity landscape were rampant. Companies across the globe were struggling – budget cuts and layoffs affected IT and security teams, but we didn’t yet know at what magnitude. So, in August 2023, Axonius conducted a survey of 950 IT and security decision makers across the United States, United Kingdom, and Australia to get a better picture of how teams were navigating the unknown.
The results were surprising. We found that a lot of the data stood against the recession predictions that were common earlier this year. This inspired us to take a deeper dive to uncover other paradoxes IT and security teams are facing. The insights surrounding where teams are investing time, money, and people resources might surprise you…or it might not.
In this blog post, we’ll share our top three research-driven takeaways on how IT and security decision makers can efficiently tackle these unexpected paradoxes.
Axonius top three takeaways for IT and security leaders
Generative AI is underscoring the widening skills gap
How do tech leaders view AI? Is it a useful tool that increases efficiency or a threat to our society and security? While generative AI is changing the ways we obtain information and how quickly we gain this context, the reality may not be as shocking as headlines and billboards want you to think. In fact, the future of generative AI might even be boring.
Regardless, 72% of surveyed leaders reported feeling concerned about the effects of generative AI on their organizations’ cybersecurity. Another 84% would like to see new legislation introduced to help regulate AI and ML before it’s too late.
But AI is not the biggest problem facing IT and security leaders today. Instead, it’s the fact that in June of 2023, it was estimated that there were 663,434 unfilled cybersecurity roles in the U.S. and 3.5 million unfilled roles worldwide.
For organizations struggling to hire, many choose to supplement the lack of human talent with new tools and technologies – in some cases, even forgoing their concerns of AI and using it for automation and analytics. The problem with that philosophy, however, is that you wind up with a whole lot of tech with very little staff who can use it. To avoid this situation, leaders are considering whether a new product (or AI) will speed up their workers or slow them down before investing time and resources.
SaaS is here to stay...but who owns it?
Determining what department owns what SaaS application remains a challenge. Each team uses different tools to do their jobs, and IT isn’t always involved in the procurement process. This undefined territory results in no one prioritizing SaaS ownership, creating security gaps and vulnerable IT ecosystems.
In reality, SaaS is here to stay, and should be treated as a priority. 74% of organizations spend more on SaaS today than they did one year ago. That’s why leaders are taking time to determine who owns what and come up with a game plan for managing SaaS applications and licenses to help ensure that infrastructure stays secure, especially as employees take care of their own software needs.
Retain skilled staff by overcoming burnout and upleveling employees
Burnout is a real risk for cybersecurity professionals who are constantly focused on mitigating threats. IT and security leaders know it’s their responsibility to give their teams useful resources to manage stress and anxiety. The good news? Our research shows that most respondents aren’t currently struggling with this. 66% reported that they’re not experiencing burnout at work, and 40% say they’re feeling less burned out now than they did one year ago.
The reason for less burnout can most likely be attributed to the fact that IT and security leaders are prioritizing making work easier for cybersecurity staff. Sixty-three percent of teams are increasing headcount, 75% are providing learning opportunities for employees, 39% are looking to implement more AI-based tools, and 52% are eliminating manual processes. Some teams have even decided to recruit internally and uplevel existing staff, rather than complete a time-consuming and expensive recruitment cycle. By giving employees resources for growth opportunities and helping them prioritize their mental health, leaders are seeing less frequent burnout and lower turnover.
How these insights are being used in 2024
According to our insights, IT and security teams are responding to these challenges by embracing two approaches: automation and getting the most out of the tools their teams already use.
A common misconception is that AI can immediately solve every business problem you throw at it. IT and security experts know this isn’t the case, which is why they’re embracing automation now and in 2024. Automation tools help you save time and drive energy towards bigger-picture tasks that AI models just can’t tackle.
Another way leaders are squeezing value out of their tech stack in 2024 is by maximizing the value of the tools they already have. Instead of throwing more money at problems, leaders are making the most out of existing resources, whether they’re using Cyber Asset Attack Surface Management (CAASM) or SaaS Security Posture Management (SSPM) solutions or anything in between. This helps extract value from the tools you’re already spending money on, and saves money that might have been spent on new solutions containing capabilities you already have.
As you prepare for the next year, gain a better understanding of these IT and security paradoxes and how leaders are responding by downloading our ebook, “Navigating the IT and Security Resource Paradox: How Organizations Are Addressing Real and Perceived Challenges.”