The State of Global Security Operations: By the Numbers
Even though more than $130B is spent on cybersecurity annually, the number of breaches continues to rise. Something isn’t adding up.
Explore highlights from recent global research conducted by CyberRisk Alliance to examine the extent organizations are struggling to establish effective cybersecurity defenses.
SOURCE: CRA 2021 Survey North American IT Leaders
On average, IT leaders reported investigating 1,376 incidents per year, about three per day, with 33% of North American organizations surveyed reporting investigating more than three incidents per day.
THIS MEANS:
Incidents are being missed. Unless you have unlimited team members to manage and triage alerts, your organization is at risk of an incident slipping through the cracks.
1,376 Investigated IT Incidents Per Year
(3 Incidents Per Day)
33% of North American Organizations Saw More Than 3 Incidents Per Day
Our organization is in a state of chaos and transition, between the covid related furloughs and shutdowns, the addition of work from home, and the ongoing digital transformation, our organization has never been this vulnerable to attack.”
– CISO at Manufacturing organization
Security gaps at the management level
An alarming 49% of IT and Security leaders say they lack C-Suite support for cybersecurity initiatives, while 52% believe their upper management/senior leadership lacks cybersecurity awareness or knowledge.
THIS MEANS:
The saying “If it ain’t broke, don’t fix it” shouldn’t apply to a cybersecurity strategy. When leadership only hears about IT and cybersecurity when there are urgent issues, it can be challenging to build a proactive security approach.
49% of IT and Security leaders say they lack C-Suite support for cybersecurity initiatives
52% of IT and Security leaders believe their upper management/senior leadership lacks cybersecurity awareness or knowledge
Only 1 in 5 respondents is “very confident” about defending their organization against cyber attacks in the near term.
Making matters worse?
More than half of respondents reported that IT staff burnout was a major obstacle they’d have to overcome in the next six months.
THIS MEANS:
IT and security teams find they increasingly lack the resources and training to handle a rising number of incidents, leaving organizations vulnerable to increasingly malicious and creative attacks by bad actors.
Challenges with regulatory compliance
More than half (53%) of respondents cite regulatory compliance as a primary challenge for improving their organization's security posture in the next six months.
THIS MEANS:
The complexity of maintaining regulatory compliance can feel overwhelming, especially with multiple frameworks and overlapping requirements. Meeting compliance obligations will continue to be a challenge for teams without the right expertise and guidance in place.
The Bright Side:
A large majority (80%) of organizations are likely to, or already have, invested in cybersecurity or increased their budget in 2021. Leaders plan to prioritize investment in technology (41%) and building a culture of cybersecurity (39%) to improve outcomes.
Organizations Investing in
Cybersecurity Budget Increases
Leaders Prioritizing
Technology Investments
Organizations Building a
Culture of Security
THIS MEANS:
Through some unfortunate (and costly) lessons learned, businesses have recognized that a proactive security approach is the best approach. However, even the best tools and IT/security staff can’t protect a vulnerable organization with careless employees—underscoring the importance of ongoing training and a culture of security.
JUST RELEASED
Report: The State of Global Security Operations
Research from CyberRisk Alliance reveals that even as organizations take all the right steps to strengthen their cybersecurity defenses—training employees, investing in technology and engaging third-party experts—they are still not achieving the desired outcomes.
ON-DEMAND WEBINAR
Security Operations Insights: A Global Perspective with CyberRisk Alliance
Research from CyberRisk Alliance and Arctic Wolf reveals that even as organizations take proper steps to strengthen their cybersecurity defenses training employees, investing in technology, and engaging third-party experts, they aren’t achieving their desired outcomes.
