A Tuesday morning in a Security Operations Centre, somewhere in Germany. Hundreds of alerts flicker across the screens. A phishing attempt. Suspicious network activity. A system alarm. The three analysts in the room scan the data, prioritise, decide. The head pounds from the constant noise of alerts. Breaks? Barely possible. The next meeting is at 2 p.m. Emails in the evening. And tomorrow it all starts again.
What sounds like an isolated case is everyday reality in many organisations. While the number of cyber attacks is exploding, the people who are supposed to repel them are missing. According to the ISC² Cybersecurity Workforce Study 2024, Germany is short of around 120,000 qualified professionals in cybersecurity. At the same time, 62 percent of organisations report staffing shortfalls, and security teams are working at their limit.
The Vicious Cycle of Overload and Skills Shortage
The consequences are measurable. Almost 90 percent of German companies experienced at least one security incident in the past year that was at least partly attributable to a lack of competence, according to the Fortinet Global Cybersecurity Skills Gap Report 2024. The damage adds up: the Institut der deutschen Wirtschaft puts losses from cyber attacks in Germany alone at 179 billion euros.
"What is missing, alongside sufficient staff, is often not just the technology, but also the time to use existing systems effectively."
Yet the real drama plays out not in balance sheets, but in the minds of those affected. Two thirds of security analysts experience burnout, a 2023 study by automation provider Tines found. 81 percent of burned-out professionals are considering changing jobs. A vicious cycle: the more who leave, the heavier the load on those who remain. According to IBM Security, more than two thirds of incident responders have sought mental health support because of their work. Strengthening resilience is becoming a security risk for the economy.
AI as a Digital Assistant, Not a Replacement
This is where artificial intelligence comes in. Not as salvation, but as a tool. AI-powered systems such as Microsoft Security Copilot can take over repetitive tasks, filter incidents, and set priorities. They analyse volumes of data that no human can keep track of, and suggest countermeasures. In the so-called triage phase, they sort genuine threats from false alarms. During containment, they recommend immediate action. In the investigation phase, they surface connections.
The principle is straightforward: machines are meant to free up analysts' capacity, so that analysts can focus on what requires human expertise. But the reality is more complex. According to a KPMG study from Austria, 65 percent of companies view AI as an opportunity to improve their cybersecurity. At the same time, 71 percent of professionals warn that cybercriminals are making better use of AI than companies are for defence.
The Dark Side of Automation
AI is no one-way street. Attackers use the same technologies to perfect their attacks. Phishing emails sound deceptively genuine, malware adapts faster, attacks become more targeted. A Trend Micro study shows that 70 percent of SOC teams report that constant alert readiness is taking an emotional toll on their personal lives. 55 percent admit they are not confident they are prioritising alerts correctly.
Automation alone does not solve the problem. What organisations need is a systemic approach: better processes, clearer priorities, and above all the recognition that technology is only as good as the people who operate it. AI can handle routine tasks, but the final call on whether an alert is genuine or a false positive must remain with a human.
Between Hope and Reality
The figures speak clearly. Bitkom projects a shortfall of 660,000 IT professionals in Germany by 2040. While companies invested around 11.2 billion euros in cybersecurity in 2024, 14 percent more than the previous year, the people needed to put those investments into practice are simply not there. Cloud security and cyber threat intelligence are the most urgently needed competencies according to the Fortinet study, yet only 64 percent of German IT decision-makers can find candidates with the required expertise at all.
Germany is actually comparatively open by international standards: only 42 percent of companies require a four-year university degree, against an EMEA average of 62 percent. Yet even this openness is not enough to close the gap.
What Needs to Happen
AI can be one building block for relieving overburdened teams. But it is no miracle cure. What security teams genuinely need are systemic forms of relief: fewer monotonous tasks, more control over their own work, better team structures, and recognition for what they do. Organisations must understand that burnout is not merely a personal problem; it is a security risk.
Microsoft, IBM, and other technology providers agree: AI does not replace analysts; it structures and accelerates their work.
A Cool Head in Heated Times
One conclusion stands firm: cybersecurity is not a purely technical challenge, but a profoundly human one. The best algorithms are worthless if the people behind them burn out. And the greatest danger lies not in attacks from outside, but in exhaustion from within.
Perhaps that is the most important lesson at a time when machines are growing ever more capable: we do not need them to replace people, but to protect them. Including the people who protect us.
