How AI will reshape government cybersecurity roles and strategies

Generative AI’s impact on cybersecurity workforce: A new global study reveals that nearly half of government cybersecurity professionals anticipate generative AI (GenAI) will eliminate the need for certain cybersecurity skills and roles.

• The survey, conducted by cybersecurity membership organization ISC2, found that 49% of government sector cyber professionals believe GenAI will make some cybersecurity skills obsolete.
• 48% of respondents in the government sector think GenAI could replace certain cybersecurity roles entirely.
• These percentages were slightly higher among the overall respondent group, which included professionals from various industries.

Uncertainty in skill requirements: The study highlights a significant level of uncertainty among hiring managers regarding the skills needed in an AI-driven cybersecurity landscape.

• 59% of hiring managers across industries admit they don’t know what skills will be necessary for success in an “AI-driven world.”
• This uncertainty has led many hiring managers to prioritize soft skills such as problem-solving, teamwork, and communication over technical skills like cloud computing security and risk assessment.
• Only 23% of government hiring managers worldwide (and 24% across all industries) are actively seeking candidates with AI and machine learning skills.

Contrasting perspectives on AI skills: The study reveals a discrepancy between hiring managers’ priorities and the views of non-hiring cybersecurity professionals.

• More than a third of non-hiring managers believe AI and machine learning skills are important for career advancement in cybersecurity.
• 40% of non-hiring managers in government and 37% across all industries emphasize the importance of AI and machine learning skills for hiring and promotion.

Current use of generative AI in cybersecurity: The adoption of generative AI in cybersecurity teams varies significantly between government and other sectors.

• Only 26% of government respondents reported that generative AI was integrated into their cybersecurity teams’ tools.
• In contrast, 45% of respondents across all industries indicated the use of generative AI in their cybersecurity tools.
• U.S. states appear to be more aligned with the broader trend, with 41% of state CISOs using GenAI for security work and 43% planning to implement it within the next year, according to the Deloitte-NASCIO Cybersecurity Study.

Concerns and regulations: The study highlights growing concerns about the security and privacy implications of generative AI use across organizations.

• Over two-thirds of government respondents believe more regulations are needed for the safe use of generative AI technology.
• This percentage is slightly higher than the overall respondent group expressing the same sentiment.
• 88% of state CISOs are involved in developing their state’s GenAI strategy, and 96% participate in creating GenAI security policies.
• However, only 60% of respondents across industries and countries reported that their cyber teams had a role in creating regulations and guidelines for GenAI.

Adapting to an evolving landscape: As generative AI continues to reshape the cybersecurity field, professionals and organizations must navigate the changing skill requirements and potential role transformations.

• The study underscores the need for ongoing adaptation and skill development in the cybersecurity workforce to keep pace with technological advancements.
• Organizations, particularly in the government sector, may need to reassess their hiring strategies and training programs to ensure they have the right mix of technical and soft skills to address future cybersecurity challenges.
• The discrepancy between government and industry adoption of GenAI in cybersecurity tools suggests that government agencies may need to accelerate their integration of AI technologies to remain competitive in threat detection and response.