Survey results highlight which automation use cases are working, which need more focus, and how senior cybersecurity professionals are approaching the challenge of securing the extended enterprise

Ashburn, Va. – Nov. 3, 2022 – ThreatQuotient™, a leading security operations platform innovator, today released the State of Cybersecurity Automation Adoption in 2022. Based on survey results from 750 senior cybersecurity professionals at companies in the U.K., U.S. and Australia from a range of industries, this global research report examines the drivers and challenges for implementing cybersecurity automation in today’s distributed enterprises. The report indicates that organizations have become more confident in automation itself compared to last year’s report, with over 84% of companies now having some level of trust in automation outcomes, up from the 59% who had confidence in outcomes last year.

The 2022 State of Cybersecurity Automation Adoption finds that organizations are working to automate various elements of their security strategy and are progressing through different levels of maturity. However, barriers remain. Technology was cited as the top blocker that is preventing organizations from applying cybersecurity automation (21%), in addition to a lack of skills (17%), and lack of management buy-in (17%) acting as a brake on adoption. Additionally, the report identifies a considerable disconnect and a lack of consensus over the drivers, barriers and challenges of automation among the various roles that influence cybersecurity strategy and tactical approach.

Key findings of the report include: 

  • 98% of respondents indicate their automation budget is increasing, although many are eating into other departmental or technology budgets to achieve this. A notable proportion (30%) are re-allocating unused headcount budget.
  • Organizations are most likely to already be automating threat intelligence management and incident response (26.5%), with phishing analysis (26%) and vulnerability management (25%) not far behind. 
  • Surprisingly, only 18% of respondents are automating alert triage, despite this being a potential route to reducing the burden of manual review and prioritization. 
  • Heads of IT Security Solutions/Architecture are having the most issues with management buy-in (37%) compared with the other job roles (19%).
  • When asked to rate their automation maturity from level 1, limited capability and no resources, to level 5, fully resourced and responsive set-up that integrates with other cybersecurity disciplines and adds business value, the majority of organizations (63%) rate themselves at level 2 or 3, showing that they have explored at least some use cases for cybersecurity automation, but that room for improvement remains.

In the 2021 survey, 37% reported already automating key processes, with 45% planning to do so in the coming year. Now that the additional 45% have started to implement automation, the 2022 report notes a change in the type of concerns reported. Last year, concerns were more conceptual, focusing around issues like trust in outcomes. Based on the 2022 responses, teams are now more focused on more practical issues, such as how best to apply automation to heterogeneous environments and legacy tools. It is here where solutions that simplify set-up of key use cases and use no-code to make automation accessible to a wider group of personnel can help overcome barriers and accelerate effective automation.

“ThreatQuotient commissioned this survey to gain a clearer picture of the state of IT security automation and adoption, and understand what is either accelerating or slowing automation in the U.K., U.S. and Australia. We are encouraged and intrigued by the 2022 results compared to the 2021 study,” said Leon Ward, Vice President, Product Management, ThreatQuotient. “Cybersecurity automation acts as a foundation to support the protection of the fast-evolving security frontiers of tomorrow. While the research shows that organizations have certainly made progress over the last year when using automation to manage routine work and improve overall cybersecurity maturity, many teams still report challenges with automation. ThreatQuotient’s goal is to further the industry’s understanding of where cybersecurity automation brings the most benefit.”

To download the full State of Cybersecurity Automation Adoption in 2022 report, including more detail on the survey questions, regional and industry snapshots, and recommendations for senior security professionals to follow if they are looking to automate their security processes, click here.

For more information about ThreatQuotient, please visit   

Report Methodology
Leading security operations platform innovator, ThreatQuotient, commissioned a survey, undertaken by independent research organization, Opinion Matters, in July 2022. 750 senior cybersecurity professionals in the U.K., U.S. and Australia from companies employing 2000+ people from a range of industries took part including: Central Government, Defense, Critical National Infrastructure, Retail, and Financial Services sectors, with 150 respondents from each.

About ThreatQuotient
ThreatQuotient improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. ThreatQuotient’s data-driven security operations platform helps teams prioritize, automate and collaborate on security incidents; enables more focused decision making; and maximizes limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high fidelity data. ThreatQuotient’s industry leading data management, orchestration and automation capabilities support multiple use cases including incident response, threat hunting, spear phishing, alert triage and vulnerability prioritization, and can also serve as a threat intelligence platform. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe, MENA and APAC. For more information, visit

Media Contact 
(North America)
Taylor Hadley 
LaunchTech Communications for ThreatQuotient 

Share This