
The IT Operations and Security Skills Gap: What if We Don’t Know What We Don’t Know?

A recent survey and report cosponsored by Tanium and conducted by the Enterprise Strategy Group, now part of Omdia, uncovered data that some may find surprising—perhaps even alarming.


When asked about the convergence of IT operations and security teams, participants revealed some unexpected data. Participants responded that, over the past two years, fewer cyberattacks were reported. Given that many in the industry have become accustomed to the number of reported cyberattacks increasing year over year, this survey’s surprising finding prompted Gabe Knuth, senior analyst at Enterprise Strategy Group (ESG) and author of the report, to examine the data further.

In this post, we highlight a few notable datapoints from the ESG report, The Growing Role of AI in Endpoint Management and Security Convergence, along with some of Knuth’s takeaways from the findings. Finally, we zoom out to look at the broader questions of IT visibility and the security operations skills gap that this report raises.

The relationship between IT visibility and the operations skills gap

Speaking to the Tanium team about the survey results, Knuth called out one survey question in particular: Has your organization experienced some type of cyberattack in which the attack itself started through the exploitation of an unknown, unmanaged, or poorly managed endpoint?

Fig. 1 – ©2025 TechTarget, Inc. All rights reserved.

Fifty-four percent of respondents reported having experienced at least one such cyberattack, of whom 22% reported several. This represents a significant decrease from the 77% of respondents who reported one or more such attacks in 2023—a drop of 23%.

Not only were fewer attacks reported overall, but also the percentage of respondents claiming to have experienced no cyberattacks more than doubled, from 15% in 2023 to 36% in 2025.

That’s great, right? Mission accomplished! Well done, IT ops and security teams.

Well, not so fast, cautions Gabe Knuth. We must first consider what his further analysis revealed.

By comparing this data between mature organizations and those reporting skills gaps, Knuth told the Tanium team, “People who said they had skills gaps in the areas like vulnerability management and incident reporting were also quite likely to answer ‘maybe’ or ‘no.’” Furthermore, mature teams “reported more cyberattacks because they see more cyberattacks.”

Interestingly, Knuth speculates that more mature teams will tend to report a higher number of cyberattacks—not because they are targeted more often, but because their greater visibility into and awareness of their IT environments allow them to detect more incidents.

In other words, teams with limited visibility and skills gaps may simply be missing the signs. It’s not that attacks aren’t happening—it’s that they’re going unnoticed, masked by a lack of awareness and detection capability.

Why this matters to Tanium

At Tanium, visibility and certainty are core to our mission. In fact, the data suggests that one of the key benefits of coordinating the efforts of the IT operations and security teams is increased awareness, which leads to:

  • Greater visibility into potential issues
  • A higher likelihood of detecting, preventing, and resolving problems

Sharing a common view through unified tools and processes helps break down silos and improves situational awareness.

But let’s be clear: simply merging teams doesn’t erase the underlying skills gap. And in a “do more with less” environment, finding and retaining skilled personnel remains a challenge.

Visibility is awareness: Here’s how to strengthen it

If mature teams are detecting more cyberattacks simply because they’re better equipped to see them, then visibility isn’t just a technical metric—it’s a strategic advantage.

To close the gap between perceived and actual security, organizations should prioritize visibility across both infrastructure and operations.

Here are two practical ways to help strengthen visibility:

  • Unify IT operations and security efforts: Break down silos by coordinating these teams around shared tools, data, and workflows. A centralized view of your environment enables real-time detection of threats and lets teams respond to incidents faster, with greater agility and precision.
  • Audit your endpoint and asset visibility: Take a critical look at your endpoint discovery and asset management practices. Do you have a reliable inventory of devices accessing your network? Are they patched, compliant, and monitored? Every unknown or unmanaged endpoint is a potential attack vector. If you don’t know what you have, you can’t manage or secure it.

Improving visibility is a critical first step—but visibility alone isn’t enough. Once organizations can see what’s happening across their environments, the next challenge is acting on that insight quickly and consistently. That’s where autonomous endpoint management (AEM) comes in.

The role of autonomous endpoint management

AEM is gaining traction because it directly addresses the growing complexity of endpoint environments and the widening skills gap.

And the good news? Gabe believes interest in AEM is sky-high.

With AI and automation at its core, AEM is set to help organizations move from awareness to action—at scale and with confidence.

The urgency is clear: 46% of respondents identified AI and machine learning implementation as a top skills gap—surpassing even cloud and SaaS security (which came in second at 38%). Faced with this shortage, organizations are turning to automation not just for efficiency, but also for resilience.

Fig. 2 – ©2025 TechTarget, Inc. All rights reserved.

This snapshot of top skill gaps highlights just how stretched IT and security teams have become. As complexity grows and expertise becomes harder to find, organizations are looking for smarter, more scalable ways to keep up.

And that’s exactly where AEM begins to deliver.

Bridging the skills gap with automation

One of the most promising ways to close this gap is through no-code and low-code automation. This approach allows less experienced staff to manage—and even build—automated workflows that traditionally require deep technical expertise. By offloading manually intensive, repetitive, error-prone processes, teams can focus on higher-value initiatives that improve outcomes and efficiency.

But automation isn’t plug-and-play. Orchestrating actions across multiple products is inherently complex—each tool has its own APIs, data models, and environmental assumptions. Organizations can’t be expected to rip and replace everything overnight. That’s where out-of-the-box AEM provides the tools necessary to transition gracefully away from those brittle, manual workflow processes.

Easing concerns around control and risk

It’s natural for some team members to be hesitant about automation. It can feel like you’re losing visibility and giving up control.

To build trust and ensure safe adoption, organizations should:

  • Provide real-time, hard data-driven insights into the expected success rate of automated actions like automated patching or update deployments. This gives teams the confidence they need to click the enter button.
  • Ensure that changes can be safely delivered in a carefully monitored and phased manner, initially deploying changes to a small group of endpoints and then progressively targeting larger groups based on clear progression criteria. This contains unexpected, potentially harmful actions to only a few endpoints and minimizes disruptions to productivity and security.
  • Maintain oversight at every step of the automated process with complete control. This level of control keeps humans in the loop at each step of the way to validate, pause, resume, or stop actions and to intervene if workflow progression criteria are unmet and execution stops.

What the data really tells us

This ESG report uncovers a concerning truth: a lack of skills and a lack of visibility translate into a lack of security. It is encouraging that many organizations are prioritizing AEM as part of their strategy to close these gaps. Yet others are reluctant because of concerns about losing visibility and control. The good news is that those challenges are now being addressed.

For a deeper dive, you can read the full report, The Growing Role of AI in Endpoint Management and Security Convergence. It offers a data-rich, analyst-driven look at how IT and security leaders are responding to the mounting challenges of endpoint management. From rising device sprawl and tool overload to widening skills gaps and increasingly sophisticated threats, the report explores how AI and automation are reshaping both offensive and defensive strategies. It also highlights where organizations are investing next and what’s working to improve visibility, consolidate tools, and advance operational maturity.

If you’re looking to benchmark your approach, uncover emerging trends, or make smarter decisions about where to focus next, this is essential reading.

You can also join Erik Gaston, vice president of global executive engagement at Tanium, and Gabe Knuth, senior analyst for ESG, for a candid fireside chat on why AEM is gaining momentum—and what it means for the future of IT and security operations.

Drawing from new research and real-world insights, they’ll unpack the challenges of visibility, complexity, and skills gaps—and explore how AEM is helping organizations modernize patching, improve coordination, and respond faster to threats. Register for the webinar here.


Discover how Tanium AEM can help your organization close visibility and skills gaps while giving your team the validation and oversight they need to stay in control. Schedule a free demo today.

Tanium Staff

Tanium’s village of experts co-writes as Tanium Staff, sharing their lens on security, IT operations, and other relevant topics across the business and cybersphere.
