In a recent high-profile case highlighted by Microsoft, AI-powered Defender for Endpoint played a key role in detecting and stopping a sophisticated ransomware attack. The attackers had begun encrypting data on an organization’s network when, using advanced AI anomaly detection, the attack was stopped and less than 4% of the organization’s devices were compromised.
This case highlights the growing ability of AI to act as a co-pilot in cybersecurity, threat detection automation and help human operators respond faster and more efficiently. However, as the role of AI expands, a new challenge emerges. AI is not only transforming how we fight cybercrime; it reshapes the very structure of the cybersecurity workforce itself.
The State of the Current Workforce
AI is now capable of performing tasks once reserved for entry-level employees, like writing reports or creating presentations. This change alters the composition of the workforce. For the first time in 10 years, the most prevalent age group is represented in ISACA’s “State of Cybersecurity 2024.” report These are professionals aged 45 to 54, while young professionals aged 34 and younger are stagnating. The absence of new talent raises concerns about succession planning.
Economic factors also contribute to workforce changes. The ISACA report finds that cybersecurity professionals, particularly in the United States, are staying in their jobs due to job market instability, with recruitment by other companies falling to 50%. High stress levels – as high as 46% – continue to push professionals out of the field, compounded by debates over return-to-office mandates and limited remote work options.
While AI can ease workloads and improve efficiency, the shrinking number of cybersecurity professionals – especially among executives – could cause problems for organizations in the future.
According to the report, “survey data reveals a sharp decline in technical and non-technical individual contributor vacancies. Cybersecurity manager positions fall nine percentage points (60%) to their lowest level on record. …Senior manager/director vacancies are decreasing for the third year in a row.”
Likewise, cybersecurity leadership positions are shrinking, but not as drastically. AI can help managers and leaders by provide threat intelligence and automation of repetitive tasks. However, while AI provides short-term relief, it raises questions about the long-term sustainability of the workforce. This trend suggests that AI is not only automating lower-level tasks, but also making its way into leadership positions, reducing the demand for human talent in some cases.
How to manage AI and the future workforce
The rise of AI presents opportunities, but cannot replace the strategic thinking necessary to defend cybersecurity. Current workforce trends highlight the need for succession planning and talent development. While AI can be a valuable tool, human expertise remains essential.
Organizations must strike a balance between using AI for efficiency and investing in human talent. High stress and economic pressures contribute to burnout. As AI takes on more and more tasks, it is essential that companies invest in the mental well-being of their cybersecurity teams to prevent attrition and maintain security.
AI is reshaping the cybersecurity workforce by handling tasks once reserved for junior employees. Although it might help bridging the skills gapdeclines in professional development and leadership roles, as well as increased stress, signal a workforce in transition. Organizations must ensure that AI complements human workers, while continuing to build a skilled and resilient workforce.
In the rush to AI, businesses cannot afford to neglect cybersecurity. Practical experience remains vital, and investment in training and development is essential to closing the skills gap. While short-term solutions like outsourcers and AI offer help, long-term strategies should focus on nurturing talent and building strong teams. Underfunding cybersecurity, while relying too heavily on AI, will leave organizations vulnerable to ever-evolving threats.
The future of cybersecurity requires a balance between AI and human expertise. AI can fill some gaps, but it cannot replace the adaptability and strategic thinking of skilled professionals. To protect against future risks, organizations must invest in both innovation and their workforce.
Sushila Nair, CISA, CRISC, CISM, CDPSE, is CEO of Cybernetic LLC. She has over 30 years of experience in IT infrastructure, business and security risk analysis, and credit card fraud prevention, and has served as a legal expert witness . She has participated in global technical events, co-authored books and is regularly quoted in the press. Nair is also the current President of the ISACA Greater Washington, DC Chapter and an active supporter of ISACA’s SheLeadsTech program.