Human oversight still critical in cybersecurity: report

'You still need to have that human in the loop around AI,' warns expert

Human oversight still critical in cybersecurity: report

As organisations in Australia and New Zealand (ANZ) rapidly adopt artificial intelligence (AI), the need for robust human oversight remains paramount, according to a leading cybersecurity expert.

With the emergence of AI-driven threats, companies must be not only technologically equipped but also confident in their ability to safeguard both their own infrastructure and customer data. Yet many are dedicating disproportionate time to maintaining security tools rather than actively defending their systems, according to findings from Splunk, a Cisco company.

In fact, 46 per cent of employers say they now spend more time managing their tools than securing the organisation itself, and 11 per cent claim they place full trust in AI for mission-critical tasks. This confidence exists despite 66 per cent of respondents experiencing a data breach within the past year—making it the most frequently cited security incident.

Relying too heavily on AI is a risky strategy, warns Shannon Davis, global principal security researcher at Splunk, in a recent interview with HRD New Zealand.

“People do need to invest in these technologies, but I think you still need to have that human in the loop around AI,” Davis says. “Humans need to still be involved in those kinds of more mission-critical decision-making processes.”

That view is echoed by Michael Fanning, chief information security officer (CISO) at Splunk.

“Organisations are increasingly leaning on AI for threat hunting and detection, and other mission-critical tasks, but we don’t see AI taking complete oversight of the SOC – for good reason,” Fanning says. “Human oversight remains central to effective cybersecurity, and AI is used to enhance human capabilities to help where it truly matters: defending the organisation.”

A growing amount of sensitive data is going to AI tools as the use of the technology becomes increasingly widespread across organisations, according to a Cyberhaven report.

Splunk’s latest research—based on a survey of more than 2,000 security professionals—reveals that nearly six in ten (59 per cent) employers identify tool maintenance as their primary source of inefficiency.

Davis argues that the real value of AI in cybersecurity lies in augmenting the efforts of experienced professionals rather than replacing them outright. Senior analysts, he says, benefit from the way AI streamlines repetitive work and accelerates the analysis of emerging threats.

“I’m almost kind of wary of that positioning… AI can help… but you need to be able to understand when that actually is correct,” Davis says. “It’s a rapidly changing area. Give it a week, two weeks, a month, and that could completely spin and take a 180.”

He adds: “If we're using these tools to tell us if there are any threats in my environment right now, and it comes back and says, ‘No, everything's perfectly good,’ I'd be wary.”

DevSecOps, Detection engineering roles

As the cyber threat landscape evolves, skills in development, security, and operations (DevSecOps) and detection engineering are becoming increasingly vital, according to Splunk.

Davis says companies should focus on embedding security throughout the entire technology lifecycle.

“A breach can impact an organisation's operation significantly. So you need to make sure that you're building security into every aspect of your business,” he says.

Detection engineering, he explains, involves “applying more development practices and coding-type practices to how you're building your detections for security threats.”

He emphasises that detection work is not static: “It’s not a set-and-forget sort of thing. So having people that understand how to apply those techniques to detection” is essential, he says.

New Zealand businesses are growing more inclined to consider ransom payments to cyberattackers amid a shifting mindset among employers, according to a legal expert.

Splunk also notes that AI and automation alone won’t close the skills gap and the new risks they introduce. 

“As cyber threats grow in volume and sophistication, security teams are under constant pressure,” says Nate Lesser, CISO at Children’s National Hospital. “According to Splunk’s State of Security report, the industry is struggling with escalating workloads, alert fatigue, and a shortage of skilled talent. Integrating AI and automation helps us address these risks and empowers our teams with smarter tools to ensure our organisation remains resilient.”