Some ten years ago, the authors of The Second Machine Age wrote that “computers and other digital advances are doing for mental power—the ability to use our brains to understand and shape our environments—what the steam engine and its descendants did for muscle power.” Many physical jobs were lost to machines, and according to the authors computers and IT technology were going to do the same to jobs that require cognitive skills.
Should cybersecurity practitioners therefore be afraid of the recent AI-related developments? Will they be replaced by artificial intelligence?
History offers lessons
We are yet again surrounded by fear, uncertainty, and doubt, and there are heated debates on which cybersecurity jobs will be automated by artificial intelligence and who will be made redundant.
But before diving into depression, I suggest learning from historical examples.
In his book “Learning by Doing – The Real Connection Between Innovation, Wages and Wealth”, James Bessen discusses the curious case of bank tellers and ATMs. Since banks employed many tellers and ATMs were created to replace them, many believed that it was just a matter of time until the ATMs would take over banking jobs. The first ATMs in the US were introduced in 1971 by Seattle First National Bank, and by 1976 more than 5,000 ATMs were installed. In 1980, senior management of Wells Fargo predicted that due to growth in electronic transactions, the number of bank branches will shrink dramatically, whilst the remaining branches would have “few, if any, support staff members”; and by 1984 more than 40% of US households owned ATM cards.
But despite the massive digitalization of banking, the number of bank employees did not shrink; it grew. ATMs did replace tellers, shrinking the size of a typical branch to 13 employees instead of 20. But this also meant that it was now more cost-effective to operate a branch, which led to more branch openings (which increased 43 percent between 1988 and 2004), thereby increasing the total demand for bank employees.
A more recent example involves the AI revolution in medical imaging. A recent study analyzed the impact of AI-based systems on medical and health practices. According to the authors, “AI imaging software and devices may assist or compete effectively with radiologists, eventually transforming the current model of medical and healthcare practice in various aspects”. According to the research, the revenues of the medical imaging companies are expected to grow from close to $0 in 2017, to $2.9 billion in 2025. And indeed, according to the AI in Medical Imaging Market report, during the period of 2021–2030, the global market for AI in medical imaging is expected to grow at a CAGR of 36.87%, from an estimated $1.24 billion in 2021 to an estimated $20.9 billion.
When radiologists look at this data, they may become concerned that their profession is about to be replaced by AI. But those concerns are premature; despite this trend, it seems that AI is not eating their jobs. Quite the opposite: between 2019 and 2022, during the AI boom years in radiology, job posting for radiologist has increased trifold from 1,000 to 3,000, along with a significant salary increase.
The Jevons paradox
The Jevons paradox, named after the economist William Stanley Jevons, states that when the efficiency with which a resource is used increases, people end up consuming more of it due to falling costs. In his 1865 book “The Coal Question”, Jevons observed that as the efficiency of the steam engine increased and it was able to accomplish more with less coal, coal consumption increased since people began using steam engines to perform more tasks. Similarly, when we learned to heat a furnace will less coal for iron production, coal consumption increased since it was now more profitable to produce iron, and building new iron production facilities attracted more investors.
It is this paradox that ensured the continuing demand for bank employees and radiologists and will create more cybersecurity jobs as AI evolves.
AI in cybersecurity
Despite AI technologies being used in cybersecurity for the last decade, it can’t be said that the demand for cybersecurity professionals is decreasing.
We have been using AI to prioritize SIEM alerts, and yet SOCs are severely understaffed. We have been using AI to detect malware, and yet we cannot fill all the job vacancies in incident response and reverse engineering. We have been using AI to detect network anomalies, and yet we are craving more blue teamers. In fact, according to 2022 (ISC)² Cybersecurity Workforce Study, the cybersecurity workforce gap is growing year over year, despite deploying AI for cybersecurity-related tasks.
Despite concerns that AI might replace human expertise in this field, it is becoming increasingly evident that as AI-based technologies mature, the demand for cybersecurity professionals will increase even further. Contrary to popular opinion, AI will be the primary factor in increasing the demand for cybersecurity professionals.