| Title: | Human-AI integration in cybersecurity : an industry-aligned perspective on incident management |
|---|
| Authors: | ID Kincl, Jan, Institut "Jožef Stefan" (Author)
ID Adam, Marc T. P. (Author)
ID Pavleska, Tanja, Institut "Jožef Stefan" (Author) |
|---|
| Files: |  URL - Source URL, visit https://link.springer.com/article/10.1007/s10207-026-01259-5
 PDF - Presentation file, download (2,22 MB)
MD5: 8D88D9572571D0A80047CFECF804C68B
|
|---|
| Language: | English |
|---|
| Typology: | 1.01 - Original Scientific Article |
|---|
| Organization: |  IJS - Jožef Stefan Institute
|
|---|
| Abstract: | The integration of Artificial Intelligence (AI) into cybersecurity incident management has gained momentum amid rising threats and increasing operational complexity. While academic research has been widely analysed and found to predominantly address detection tasks and algorithmic performance, the industry perspective remains under-explored, with limited understanding of its practices and priorities. This paper presents a document analysis of a rich corpus of publicly available, industry-issued reports, to examine how AI is understood, deployed, and evaluated in real-world cybersecurity operations. By contextualising the well-established Technology-Human-Task-Context (THTC) framework to the cybersecurity domain, we identify key dimensions shaping AI integration, including task alignment, human oversight, operational constraints, and expected benefits. Our findings highlight critical gaps in current implementations, such as limited attention to recovery, governance, and task assignment, and emphasise the dual role of human experts as both controllers and beneficiaries. To address these gaps and support actionable system design, we propose a set of industry-aligned recommendations derived from a synthesis of the THTC framework and document analysis. These recommendations encompass AI capabilities, integration requirements, task alignment, outcomes, risk management, control mechanisms, and human factors. Our work offers a comprehensive foundation for aligning academic research with industry needs, guiding the development of AI-powered cybersecurity expert systems that are technically effective, ethically sound, and operationally viable. |
|---|
| Keywords: | cybersecurity, incident management, document analysis, academia-industry alignment |
|---|
| Publication status: | Published |
|---|
| Publication version: | Version of Record |
|---|
| Submitted for review: | 18.11.2025 |
|---|
| Article acceptance date: | 09.04.2026 |
|---|
| Publication date: | 29.05.2026 |
|---|
| Publisher: | Springer Nature |
|---|
| Year of publishing: | 2026 |
|---|
| Number of pages: | str. 1-29 |
|---|
| Numbering: | Vol. 25, article no. 103 |
|---|
| PID: | 20.500.12556/DiRROS-29597  |
|---|
| UDC: | 004 |
|---|
| ISSN on article: | 1615-5270 |
|---|
| DOI: | 10.1007/s10207-026-01259-5 |
|---|
| COBISS.SI-ID: | 279861507 |
|---|
| Copyright: | © The Author(s) 2026 |
|---|
| Note: | Nasl. z nasl. zaslona;
Opis vira z dne 29. 5. 2026;
|
|---|
| Publication date in DiRROS: | 29.05.2026 |
|---|
| Views: | 44 |
|---|
| Downloads: | 31 |
|---|
| Metadata: |    |
|---|
|
:
|
Copy citation |
|---|
| | | | Share: |  |
|---|
Hover the mouse pointer over a document title to show the abstract or click
on the title to get all document metadata. |
