Palo Alto Networks study highlights preference for AI management of cyber security

An online study of more than 10,000 respondents in EMEA conducted by Palo Alto Networks and YouGov alongside Dr Jessica Barker, an expert in the human nature of cyber security, has explored attitudes towards new cyber security technologies, such as Artificial Intelligence (AI), and how these technologies protect their digital way of life.

Just over a quarter (26%) of EMEA respondents would prefer their cyber security to be managed by AI rather than a human presence. Italy has the most confidence in relying on AI (38%), while in the UK only 21% of those individuals surveyed prefer AI over humans to protect their digital way of life.

The research suggests that those who are more open to AI technologies have a positive outlook on the role cyber security plays in their day-to-day lives. Almost a third (29%) of respondents online who preferred their cyber security managed by AI feel having cyber security checks in place has a very positive impact on their overall online experience compared to the combined average of 20%.

Greg Day, vice-president and CSO for the EMEA at Palo Alto Networks, commented: “AI is already playing a vital role in cyber security, helping to detect and prevent breaches with new capabilities that the human brain simply could not achieve. It’s encouraging to see the gap closing between AI and human-managed cyber security technologies, while the positive attitude towards cyber security checks that comes with a preference for AI technologies is one we hope to see embraced by more people in the future. Humans are risk averse, yet innovation requires taking new steps and many still see change as risk. Taking responsibility for data loss and keeping personal data secure is the first step in ensuring we’re using Best Practice within a business. Education is key when it comes to helping respondents feel safer online.”

IoT security mixed views

The study has also uncovered mixed views on the perceived security of Internet of Things (IoT) technologies, such as smart home devices and ‘wearables’. 38% of EMEA respondents believe them to be secure, with a similar number (43%) thinking the opposite. However, this did vary across the region, with those in the UAE most trusting of IoT’s security (71% believe it to be secure), whereas a higher proportion in Germany (53%), France (48%) and the UK (46%) believe them to be insecure.

Topics like data privacy and ethics are becoming more mainstream. Dr Jessica Barker says it’s not surprising to see hesitation in adopting new technologies like AI and IoT, commenting: “When any new technology emerges, there’s often a reticence among many to embrace the change, even when it offers an improvement to our way of life. Telephones, trains and televisions were all a source of fear for the general public when they were first introduced. Many people are unaware of the way in which AI and machine learning are already enabling our use of technology, protecting our data and preventing cyber attacks, largely because it’s often non-invasive to the end-user. This can mean people feel hesitant about the concept of embracing AI without realising that it’s already a positive presence in their lives. It’s interesting to note that the IoT is considered insecure by the majority of participants, whereas most people feel that technology, in general, is helping them to be more secure online. This would seem to suggest that the technology industry needs to address security and privacy concerns surrounding the IoT in a more meaningful and transparent manner.”

Other key findings from the online research include:

*While there’s a generational divide when it comes to preferring cyber security managed by AI, it isn’t as polarising as expected, with millennials showing a marginal preference (31%) compared to ‘baby boomers’ (23%)

*Cyber security self-reliance is a global trend with 54% of respondents taking responsibility for their personal data when online. The divide between the younger (18-24) and older (55+) generations is more prominent here, with only 43% of the younger demographic taking responsibility for their own personal data compared to 58% of those aged 55 and above

*A quarter (25%) of respondents feel cyber security should be the responsibility of law enforcement, while 28% feel it’s down to the Government

*The cyber security message is beginning to translate. A majority of respondents (44%) agree that cyber security technologies afford them the ability to spend less time worrying about personal data loss versus the 14% who disagree

*67% of respondents feel they’re doing all they can to prevent the loss of their personal data. This rises to 75% of respondents aged 55 and over and falls to 59% for 25- to 34-year-olds. 77% of respondents in the UAE and France agree with this statement, while only 60% of those in Italy and Sweden agree

Trust is important

Dr Barker added: “Trust is so important in cyber security. People want to be actively engaged in better protecting themselves online and embrace technology that supports them in this. The knowledge acquired can then be transferred to other areas of their lives, most importantly the workplace. It’s interesting to see that older participants feel a greater sense of responsibility over their data than younger participants. There are a number of factors which could help explain this, one being that the older generation are more likely to have been exposed to cyber security training and practices in the work environment. This could have influenced their mindset to be more security conscious. It could also be that the younger generation is more likely to regard security as a collective responsibility and as part of a culture that’s more centred on sharing.”

Greg Day concluded: “The results of this study provide some key takeaways for businesses. It’s important that they take into account perceptions of technologies like AI and the IoT when developing new products and services, as well as staying ahead of new threats targeting the next generation networks upon which they will rely. Building and maintaining trusted capabilities will only be achieved through prioritising cyber security and data privacy and communicating openly and honestly. Through applying these new technologies responsibly and adopting them into our day-to-day lives, we can create a world where each day is safer and more secure than the one before.”

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, commented: “We’re certainly not ready to cede cyber security control to AI. First of all, we have to define the widely misused and overused ‘AI’ acronym from a practical standpoint. In cyber security, we have an increasing proliferation of various machine learning technologies (including deep learning) capable of tackling routine and time-consuming tasks in a rapid and reliable manner. However, once a decision-making process evolves or requires a business-focused decision, these systems will have a much higher failure rate compared to people.”

Kolochenko added: “Moreover, AI and machine learning technologies usually require continuous maintenance and ongoing training that, likewise, requires human expertise. Last, but by no means least, industry doesn’t have much experience yet in malicious techniques purported to confuse and misguide machine learning models to bypass enacted security controls, while the attackers are continuously developing them for fun and profit. Therefore, we’re still far away from relinquishing cyber security control in favour of AI. Human intelligence will likely remain the most valuable asset on the market.”

*The total YouGov sample size was 10,317 adults, of which 1,016 were from the Netherlands, 1,021 from Italy, 1,005 from the UAE, 1,041 from France, 1,953 from Sweden, 2,181 from Germany and 2,100 from the UK. Fieldwork was undertaken between 29 April and 16 May this year. The survey was carried out online

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts