Abstract
In automation-heavy Security operation centers (SOCs), analysts face risks of automation bias and complacency. Surveying 720 analysts using PLS-SEM, we explored preferences for human versus automated task handling at two different stages of the incident response lifecycle. Results exposed a stark dichotomy: analysts favored entirely human-driven or fully automated processes, expressing little desire for intermediate collaborative approaches. This presents a challenge for integrating necessary automation effectively. Gradual, evolutionary implementation is advised over revolutionary, disruptive changes to encourage acceptance.
Recommended Citation
Tilbury, Jack and Flowerday, Stephen, "Human-Automation Preferences in Security Operations Centers" (2025). MWAIS 2025 Proceedings. 10.
https://aisel.aisnet.org/mwais2025/10