Cognitive systems are driving $8 billion in revenue in 2016—and the space, which includes artificial intelligence (AI) and machine learning, is slated to become a $47 billion industry by 2020.

According to the IBM Institute of Business Value (IBV), cognitive solutions are already seeing widespread adoption in other industries. Yet the security community is still in the early stages of pioneering cognitive security systems. Today, only 7% of security professionals claim to be using cognitive technologies—and a lack of internal skills in the area and competency are the main obstacles, both cited by 45% of respondents.

That said, 21% said their organizations plan to use these solutions in the next two to three years—meaning that the use of cognitive security is set to triple within the next few years.

Ironically, the staffing challenge is also a driver: “The 24/7 nature of security operations presents a challenge that is costly for most organizations to staff, which is where the appeal of cognitive-enabled security comes in—it never sleeps or fatigues,” said Michael Pinch, CISO, University of Rochester, in the report.

In terms of where respondents think that cognitive could improve outcomes, nearly 60% of security professionals believe cognitive security solutions can significantly slow down cyber-criminals. About 40% of respondents believe this technology will improve detection and incident response decision-making capabilities. A full 37% of respondents believe cognitive security solutions will significantly improve incident response time, and 36% of respondents think cognitive security will provide increased confidence to discriminate between innocuous events and true incidents.

“Cognitive security has so much potential—you can meet your labor shortage gap, you can reduce your risk profile, you can increase your efficiency of response,” said David Shipley, director of Strategic Initiatives, Information Technology Services, University of New Brunswick, in the report. “It can help you understand the narrative story. People consume stories—this happened, then this happened, with this impact, by this person. Additionally, cognitive can lower the skills it takes to get involved in cybersecurity. It allows you to bring in new perspectives from non-IT backgrounds into cracking the problem.”

And on a related note, the study revealed that the top challenges in security today are reducing incident response times (45%), optimizing accuracy of alerts (41%) and staying current on threat research (40%). Threat research was also the top challenge cited due to insufficient resources, according to 65% of respondents.

“These challenges are, in many ways, intertwined. If security analysts were able to stay current on threats and increase accuracy of alerts, they could also reduce response time. This means there are many scenarios in which cognitive could help,” said Diana Kelley, executive security advisor for IBM Security, in a blog.

She added, “Although it’s not a silver bullet, automation and cognitive security are part of an evolution necessary to solve some of the biggest security challenges today and in the future. As we continue forward, we need to evaluate use cases and determine together how cognitive technologies can integrate into day-to-day security operations to address our security challenges in a new and better way.

Photo © Infinityy