“Humans are underrated”: Why AI in cybersecurity isn’t a case of us or them

If you’ve seen even a handful of films on the matter, you’ll know that artificial intelligence (AI) is taking over: The Terminator, The Matrix, I, Robot – they all envisage a world where machines come to rule. Even Fritz Lang’s Metropolis, released in 1927, was pessimistic about our robotic counterparts. The reality, however, isn’t nearly…

If you’ve seen even a handful of films on the matter, you’ll know that artificial intelligence (AI) is taking over: The Terminator, The Matrix, I, Robot – they all envisage a world where machines come to rule. Even Fritz Lang’s Metropolis, released in 1927, was pessimistic about our robotic counterparts. The reality, however, isn’t nearly so bleak. We’re far from being enslaved (physically at least) and, for better or worse, we remain the planet’s most destructive force. But there are discussions to be had. Worldwide spending on AI is set to reach $110 Billion in 2024, doubling 2020's figure – and there is real concern that human development is at risk.

The thinking is this: if enterprises put most of their resources into training machines, they can’t be fully supporting their people. There’s also the chance that maybe – just maybe – robots aren’t cut out for all jobs, and we should therefore continue to invest in flesh. Take, for example, Elon Musk’s Tesla-building operations. Last year the entrepreneur (and suspected supervillain) decided automation was the future of production, bragging that robots were his empire’s competitive advantage. Two months later he said, ‘Excessive automation at Tesla was a mistake. To be precise, my mistake. Humans are underrated.’

Clearly, there is a big difference between human and AI capabilities. The latter can lift, push, pull and calculate, but it cannot invent, contextualize or make decisions based on morals. Because of this, we will always need skilled human beings. The obsession with AI can be forgiven considering its potential, but we'll do well to remember that when robots mess up, it’s people who reverse the damage.

It’s not "us versus them"

The good news is, it’s not a question of "us or them". A Harvard Business Review study found that, while AI is getting better at human jobs, businesses achieve the best performance enhancements when humans and machines operate cohesively. Complementary skills such as creativity (human) and scalability (machine) enable workforces to exceed the sum of their parts.

Machines can also be used to execute the mundane tasks previously done by humans, which frees up a lot of employee time. This is undoubtedly a good thing, especially in technical industries such as cybersecurity, where constant upskilling is required for workers to remain current. In fact, AI is a particularly hot topic because of the skills shortage. According to (ISC)2’s Cybersecurity Workforce Study, 64% of organizations need more security staff, and there is a shortage of around two million security professionals globally.

The irreplaceable human

One school of thought says that AI is the panacea for this shortage – but this isn’t the case. Machines cannot control security operations centers (SOCs) without the leadership, insight and decision-making skills provided by humans; we are irreplaceable. In fact, relying too heavily on AI could even worsen the skills gap, as new technology demands experts to oversee it. And where does their training come from? It’s certainly not robots.

Ultimately, cybersecurity firms should be utilizing AI to carry out the processes where humans are weaker, progressing it slowly and not to the detriment of people. AI can doubtless improve security – it can be weaponized too – but we must not lose sight of the need to upskill our people. Symantec’s Chief Technology Officer, Hugh Thompson, says, "While we are certainly moving toward more automation across all industries, there will always be a need for human intervention in cybersecurity." We couldn't agree more.

We help businesses to increase and evidence human capability in every part of cybersecurity.