Over the past 18 months, AI has changed how we do many things in our work and professional lives — from helping us write emails to affecting how we approach cybersecurity. A recent Voice of SecOps 2024 study found that AI was a huge reason for many shifts in cybersecurity over the past 12 months. Interestingly, AI was both the cause of new issues as well as quickly becoming a common solution for those very same challenges.

The study was conducted with Deep Instinct and Sapio Research by surveying 500 senior cybersecurity professionals working for U.S. companies with at least 1,000 employees. The respondents worked in a wide range of industries, including financial services, technology, manufacturing, retail, healthcare and critical infrastructure, as well as in the public sector.

Shifting strategies to prevention due to AI

One of the biggest findings of the survey was that 75% of respondents had to change their cybersecurity strategies in the past year due to the rise in AI-powered cyber threats. The vast majority of professionals (97%) reported they were concerned that their organization could become victimized by AI-generated zero-day attacks.

The majority (73%) of professionals said that the shift involved moving toward a more proactive than reactive approach. Interestingly, more than half of the respondents (53%) said that the shift in approach came from their senior leaders. At the time of the survey, 42% were already taking a preventive approach through using predictive prevention platforms. Another 38% were looking into using these platforms.

As part of the overall shift in approach, many organizations are also providing security awareness and training programs (47%) and endpoint detection and response systems (41%). Other strategies include regular security audits (39%), collaborating with external experts (38%), and using other AI-based tools (20%).

AI increasing stress and burnout for cybersecurity professionals

The survey also found that AI is increasing stress and burnout for cybersecurity professionals, which is already a top concern and a challenge for the industry. When asked whether their stress levels were worse this year than last, 66% said yes.

High stress levels in cybersecurity professionals can cause lower retention rates, which can negatively impact a company’s cybersecurity due to open positions and a lack of continuity.

Additionally, high stress can make recruiting harder because professionals leave the field or do not want to work at a high-stress organization. When someone leaves an incident response team, it typically takes six months on average before the replacement is a fully contributing team member, which also increases stress on existing team members.

However, when asked about the reason for increased stress and burnout, 66% responded that AI is responsible. Other causes included staffing/resource limitations, compliance/regulatory pressures, public scrutiny/reputation concerns and remote work challenges. Additionally, 29% said they were stressed over the fear that AI could take over their jobs.

Organizations are turning to AI to help reduce the stress levels caused by AI. About a third of organizations are planning AI tools to automate time-consuming and repetitive tasks to free up cybersecurity professionals for high-level tasks in an effort to reduce stress. Additionally, 35% said that moving to a prevention-focused approach would help lower their stress levels.

However, reducing burnout requires additional support. Organizations can help their teams learn to be more adaptable, such as by practicing for possible incidents, which can reduce stress through being prepared. Also, by building smaller teams, businesses can create a culture of relying on each other. Companies should prioritize mental health by providing resources and normalizing the use of these resources, especially after a cyberattack.

AI continues to evolve

As AI technology continues to improve and progress, the cybersecurity industry will continue to see impacts, and there will be shifts in how cyber criminals and cybersecurity professionals use their tools. By staying on top of new tactics and tools, cybersecurity professionals can take the most effective preventive approach while working to reduce stress.