Agents built into your everyday workflow. Read the announcement

Using agentic AI to solve the core cybersecurity problem: Time

A close-up of a book cover displaying text and a clock illustration.

Find out how agentic AI helps automate cybersecurity tasks to help reduce alert fatigue and staff shortages, so teams can boost operational efficiency and focus on what matters most.

Agentic AI can help automate repetitive cybersecurity tasks, reducing alert fatigue and resource strain. By integrating with existing tools, it can help enhance security coverage, lower costs, and enable teams to focus on strategic work. Success relies on robust governance, oversight, and continuous measurement of impact.

Let’s look into the insights from the IDC research study “Using Agentic AI to Solve the Core Cybersecurity Problem: Time” (November 2025)¹ around some of the top challenges IT and security teams are facing when securing their organization, and how agentic AI can be used to help automate tasks and boost productivity.

Overview

Automating security’s most time-consuming tasks to help boost resilience and reduce risk

Time constraints are a central challenge in cybersecurity today. Security teams are overwhelmed by the complexity of hybrid IT environments, persistent staff shortages, and a rapidly expanding threat landscape. As a result, IDC found that professionals spend a third of their time on repetitive, low-value tasks like alert triage and compliance checks, leading to alert fatigue, missed threats, and limited capacity for strategic improvements.

IDC survey data from over 700 IT and security professionals in the November 2025 study reveals that these operational burdens have significant consequences: up to 38% of insider risk alerts go uninvestigated each week, as well as large portions of phishing and data loss prevention alerts. The cost of outsourcing these tasks is high, and even well-resourced organizations struggle to keep pace, resulting in dangerous gaps in security coverage and increased risk of breaches and compliance failures.

Agentic AI is presented as a transformative solution, automating and accelerating complex, repetitive security tasks with supervised autonomy. Early adopters surveyed report dramatic time savings—such as reducing phishing triage from 30 minutes to just 3 minutes per alert—and improved productivity. However, the study emphasizes that trust, oversight, and robust governance are essential for successful adoption, with organizations prioritizing transparency, auditability, and integration with existing tools to ensure responsible and effective use of AI.

“It is difficult to scale the number of people, so technology is necessary to scale the amount of work for which each person is responsible and the nature of the work. People are best suited for complex tasks, while AI is best suited for repetitive and mundane work.”

Excerpt from “Using Agentic AI to Solve the Core Cybersecurity Problem: Time”¹

Dangerous gaps in security coverage

Critical alerts overlooked due to time pressure, leaving organizations exposed

The study also found that time constraints often force staff to prioritize urgent tasks over strategic improvements, leaving gaps in defenses and compliance. As a result, organizations become more vulnerable to attacks and struggle to maintain effective, proactive cybersecurity programs.

Not having enough time limits cybersecurity teams’ ability to thoroughly investigate alerts, patch vulnerabilities, and implement robust security measures, increasing the risk of missed threats and breaches. According to the IT and security professionals surveyed, about one-third of alerts in the following categories simply go uninvestigated.

31% of phishing alerts are not investigated each week
38% of insider risk alerts are not addressed each week
36% of data loss prevention alerts are untriaged each week

Alert fatigue is real.

77% of security teams cite alert fatigue as a top challenge, draining time and focus.

Security professionals are overwhelmed by the volume of alerts, with over three-quarters reporting alert fatigue as a major obstacle. This constant barrage not only strains limited staff and increases the risk of missed threats and burnout, highlighting the urgent need for automation and smarter workflows.

Manual tasks consume valuable time.

Cybersecurity teams spend 33% of their time on repetitive, low-value manual work.

Despite advanced tools, a third of IT and security professionals’ time is consumed by routine tasks like alert triage and compliance checks. This diverts attention from strategic initiatives and contributes to disengagement and fatigue, making automation essential for boosting productivity and morale.

Critical alerts unaddressed.

Up to 31% of user-reported phishing alerts go uninvestigated each week.

Time constraints force teams to prioritize urgent issues, leaving nearly half of conditional access reviews rubber-stamped. This can create gaps in defenses, increasing the risk of breaches and compliance failures—an urgent call for smarter, AI-driven solutions.

AI delivers real ROI.

Agentic AI cuts phishing triage time from 30 minutes to just 3 minutes per alert.

Organizations using agentic AI report dramatic time savings on critical tasks like phishing triage. By automating repetitive processes, AI empowers security teams to focus on complex threats, helps reduce burnout, and helps deliver measurable return on investment (ROI) at scale.

Download the study