The Struggle Between Humans & Automation in the Financial Services World

A vast majority of organizations are increasing their IT automation investments in the next few years. While the upside to these investments appears to be focused on efficiencies, the downside comes at the cost of decreasing the number of skilled IT employees.

The Traverse City, Mich.-based Ponemon Institute, in partnership with the Seattle-based DomainTools, announced the results of “Staffing the IT Security Function in the Age of Automation,” in which more than 1,000 IT and security practitioners analyzed the impact of automation on current IT security practices and staffing in the United States and the United Kingdom.

Overall, the majority of companies (77%) continue to use or plan to use automation in the next three years. The biggest takeaway: The majority of respondents (51%) believe automation will decrease headcount in the IT security function, an increase from 30% in last year’s study. Concerns by employees losing their jobs because of automation increased to 37% over last year’s 28%.

“As adoption of automation becomes more mainstream and improves the effectiveness and efficiency of IT security staff, they are anticipating that they will be able to accomplish more with fewer bodies,” Dr. Larry Ponemon, chair and founder of the Ponemon Institute, said.

Ponemon said it believes it is likely to result in the consolidation of existing roles, rather than an elimination. This might mean better opportunities for employees to increase their current skill levels to create more value-added roles as the human side of security remains as important as ever. “For community organizations like credit unions, they could benefit greatly from automation because you could basically do quite a lot for what might seem to be a small investment.”

According to Corin Imai, senior security advisor with DomainTools, the financial services industry has somewhat of a problem when it comes to investing in automation programs. “Some of the biggest reasons that financial services are not adopting automation today are because of legacy environments and also the lack of in-house expertise,” she said.

Meanwhile, cybersecurity skills shortage continues as a problem with 69% of organizations’ IT security functions understaffed; a slight improvement over last year’s 75%.

The adoption of automation tools for cybersecurity in 2019 had mixed reviews. Overall, 74% agree that automation enables IT security staff to focus on more serious vulnerabilities and overall network security. Interestingly, automation highlighted a renewed focus on the importance of the human role in security.

Additional findings included the following:

• 40% believe automation reduces human error.
• 50% believe automation will make jobs more complex.
• 54% think automation will never replace human intuition and hands-on experience.
• 74% believe that automation is not capable of certain tasks done by IT security staff.

The report revealed that regulatory compliance standards, such as GDPR and others, are a growing influence in an organization’s use of automation, with 72% citing that over last year’s 66%. The survey also revealed that 81% see an increasing need for familiarity with security regulations and standards in both entry-level and experienced job candidates in the U.S.

“Automation is already improving the productivity of security personnel across industries. We are still in the early stages of adoption and just touching the surface of how automation will enhance the capabilities of security staff and evolve security roles,” Imai said. “However, the human factor remains the most important player in information security. Automation will never fully replace human intuition and expertise, and those that become experts in deploying and managing automation solutions will have a new valuable skill set for many years to come.”