Nearly four in 10 senior security decision makers “completely” trust that their organization is well-defended against cyberattacks, Kroll, a global risk and financial advisory solutions consultancy, said in a new study.
However, not only did the organizations in the research suffer an average of five major security incidents in the last year, they also used on average eight cybersecurity platforms. A key factor in that apparent disconnect is that just 24% deploy a managed detection and response (MDR) solution or engage with a managed security service provider (MSSP).
Indeed, outsourcing cybersecurity services is gaining popularity. Nearly all (98%) of the respondents that do not already outsource their cybersecurity services either plan to do so or are considering it, with 51% intending to do so in the next 12 months.
Security Tools: Quantity vs. Quality
Kroll concluded that a correlation between the number of security tools and the number of security incidents suggests that trusting security tools alone is an unsound strategy. Having the right tools, and not the number of tools, is an important factor in cyber protection.
Kroll’s 2023 State of Cyber Defense Report: The False-Positive of Trust surveyed 1,000 senior IT security decision makers in Q1 2023 at firms with $50 million to $10 billion in revenue. The global study seeks to understand the levels of organizational trust and how that can have wide-ranging impacts on effectively dealing with cybersecurity challenges.
Pierson Clair, Kroll managing director of cyber risk, commented:
“There is a frequent overestimation in the capabilities of security tools without continued managed response. Of course, this is understandable considering the sheer volume of data that security teams deal with and the number of cyber incidents businesses tackle daily. Security teams want solutions that will fix today’s problems, without appreciating the fact that there is no ‘one-and-done’ solution for an ever-changing landscape.”
Report Finds Trust a Major Issue
Key global findings from Kroll’s research report include:
- 42% of information security decision-makers reported a lack of trust as their biggest challenge. 95% do not believe that senior leadership trusts their security teams to protect their organizations from threats.
- Trust in employees to stop a cyberattack (66%) is ranked higher than the ability of the security team to identify and prioritize security gaps (63%), the accuracy of data alerts (59%), the effectiveness of cybersecurity tools and technologies (56%), and the accuracy of threat intelligence data (56%).
- The higher the average number of platforms used, the more cybersecurity incidents organizations have experienced.
- A lack of communication is the most frequent cause for a loss of trust, as reported by 47% of information security decision-makers. 97% reported that they do not have complete trust across all aspects of their organization.
- 98% agree there is a cost to a lack of trust in the workplace, with more complexity being the greatest perceived consequence (37%).
- Only 23% of businesses have cybersecurity insurance. Only 20% of IT and security professionals who say that their security operations are cyber mature have cyber insurance.