How AI is shaping the future of the cybersecurity workforce
ISACA's 'State of Cybersecurity 2024' report found that, while AI helps automate lower-level tasks, it presents issues when it comes to succession planning and talent development.
In a recent high-profile case highlighted by Microsoft, the company's AI-driven Defender for Endpoint played a key role in detecting and blocking a sophisticated ransomware attack. The attackers had begun encrypting data on an organization's network when, thanks to AI's advanced anomaly detection, the attack was stopped, and fewer than 4% of the organization's devices were compromised.
This case highlights AI's growing ability to act as a copilot in cybersecurity, automating threat detection and helping human operators respond faster and more effectively. As AI's role expands, however, a new challenge is emerging. AI is not just transforming how we fight cybercrime; it's reshaping the very structure of the cybersecurity workforce itself.
The state of the current workforce
AI is now capable of performing tasks once reserved for entry-level employees, such as writing reports or creating presentations. This shift is changing the workforce makeup. For the first time in 10 years, the most prevalent age group represented in ISACA's "State of Cybersecurity 2024" report is professionals aged 45 to 54, while younger professionals aged 34 and below remain stagnant. The absence of fresh talent raises concerns about succession planning.
Economic factors also contribute to workforce changes. ISACA's report found that cybersecurity professionals, especially in the U.S., are staying in their roles due to job market instability, with recruitment by other companies dropping to 50%. High stress levels -- up to 46% -- continue to push professionals out of the field, compounded by debates over return-to-office mandates and limited remote work options.
While AI can ease workloads and improve efficiency, the shrinking pool of cybersecurity professionals -- particularly in leadership -- could spell trouble for organizations down the road.
According to the report, "survey data reveal steep declines in vacant technical and nontechnical individual-contributor positions. Cybersecurity manager positions drop nine percentage points (from 60 percent) to their lowest level ever reported. … Senior manager/director vacancies decrease for the third consecutive year."
Similarly, executive-level cybersecurity positions are declining, although not as drastically. AI can assist managers and executives by providing threat intelligence and automating repetitive tasks. However, while AI offers short-term relief, it raises questions about the long-term sustainability of the workforce. This trend suggests that AI is not only automating lower-level tasks, but it is also making its way into leadership roles, reducing the demand for human talent in some cases.
How to handle AI and the future workforce
AI's rise presents opportunities, but it cannot replace the strategic thinking needed for cybersecurity defense. The current workforce trends highlight the need for succession planning and talent development. While AI can be a valuable tool, human expertise remains essential.
Organizations must strike a balance between using AI for efficiency and investing in human talent. High stress and economic pressures are contributing to workforce burnout. As AI takes on more tasks, it is vital that companies invest in the mental well-being of their cybersecurity teams to prevent attrition and maintain security.
AI is reshaping the cybersecurity workforce by handling tasks once reserved for junior employees. While it can help bridge the skills gap, the decline in professional development and leadership roles, as well as rising stress, signal a workforce in transition. Organizations must ensure that AI complements human workers, while continuing to build a skilled, resilient workforce.
In the rush to embrace AI, companies cannot afford to neglect cybersecurity. Hands-on experience remains vital, and investment in training and development is essential for closing the skills gap. While short-term solutions, like contractors and AI, offer help, long-term strategies must focus on fostering talent and building strong teams. Underfunding cybersecurity, while over-relying on AI, will leave organizations vulnerable to ever-evolving threats.
The future of cybersecurity requires a balance between AI and human expertise. AI can fill some gaps, but it cannot replace the adaptability and strategic thinking of skilled professionals. To safeguard against future risks, organizations must invest in both innovation and their workforce.
Sushila Nair, CISA, CRISC, CISM, CDPSE, is CEO of Cybernetic LLC. She has more than 30 years of experience in computing infrastructure, business and security risk analysis, and credit card fraud prevention, and she has served as a legal expert witness. She has been featured in global technical events, co-authored books and is regularly quoted in the press. Nair is also the current president of the ISACA Greater Washington, D.C. Chapter and an active proponent of ISACA's SheLeadsTech program.
