AI Won't Solve Cybersecurity's Retention Problem

COMMENTARY

Artificial intelligence (AI) continues to advance the capabilities of cybersecurity analysis, with AI-based natural language processing, volumetric computing, and anomaly detection handling many of the incident-investigation tasks analysts typically have done. But while the technology can augment the role of a security practitioner to efficiently sift through data or help detect anomalies, it will not replace the broad human context necessary for investigating incidents. This problem is exacerbated by the cybersecurity industry's failure to be more inclusive of women and minorities, which is an existing problem that AI can't fix.

Gartner predicts that by 2025, lack of cybersecurity talent or human failure will be responsible for more than 50% of significant cybersecurity incidents, signaling an urgent need to fill cybersecurity roles to keep organizations safe. But women account for only a quarter of the global cybersecurity workforce, and that number is falling, in some cases. For example, data from 2023 indicates only 17% of the cyber-sector workforce in the UK is female, down from 22% in 2022, and only 14% of senior roles in the industry are filled by women.

Leveling the Playing Field

The industry cannot afford this sort of backslide as cyber threats continue to advance. We must emphasize and cultivate the foundational skills that will make women, girls, and minorities successful in AI, machine learning (ML), and general cyber careers. We have been using AI/ML in cybersecurity for years, but as these new AI-based tools are developed, the industry has an opportunity to level the playing field by encouraging equal participation in learning these tools.

As the statistics show, cybersecurity has a retention problem as well. Gartner's report also predicts that by 2025, nearly half of cybersecurity leaders will change jobs due to work-related stressors. This may be an even greater issue for women, as anecdotally, I have seen many women taking a break or even leaving the field for reasons including to care for family, poor workplace culture fit, or lack of organizational support leading to burnout. Some women simply do not want to be the trailblazer at a company or be the "only" within their organization or department, so they choose to leave.

We need to do better at supporting the talent and providing the resources and opportunity for women to flourish in the industry. Organizations such as Women in Cybersecurity (WiCyS), Women's Society of Cyberjutsu, Black Women in Technology, and Women in AI place a strong emphasis on building women's awareness, community, skills, and capabilities within the tech sector, and it cannot end there.

For example, organizations can help staff build their networks through attending cybersecurity or technology conferences. They can also establish mentorship programs and encourage and invest in women seeking leadership roles within their teams, rather than hiring externally. 

These behaviors can create a positive recurring cycle, as strong networks create even stronger cultural foundations of diversity. When you have a diverse leadership team, you have diversity of thought, which improves team performance and overall employee satisfaction.