Kroll, a pioneer in global risk and financial advisory services, has published its anticipated 2023 State of Cyber Defense Report, drawing attention to the pitfalls of excessive trust in cybersecurity provisions.
In a surprising reveal, the study found that a mere 37% of senior security decision-makers expressed absolute confidence in their organisation’s defense against cyberattacks. This is despite a yearly average of five major security breaches and the deployment of up to eight cybersecurity platforms.
The report, titled ‘The False-Positive of Trust’, signals an alarming correlation: a higher number of security tools being linked with an increased incidence of cybersecurity breaches. The reliance on multiple security platforms does not assure protection against cyber threats, highlighting a critical misunderstanding among security teams about the nature and scale of the threats faced. The report indicates that only 24% of firms utilise a managed detection and response (MDR) or a managed security service provider (MSSP) solution, thus raising their vulnerability.
Conducted by independent market research specialist, Vanson Bourne, the study involved 1,000 senior IT security decision-makers from firms with revenues spanning $50m to $10bn. Participants, responsible for or knowledgeable about their organisation’s cybersecurity, represented countries including the U.S., the UK, Ireland, Spain, Italy, Singapore, Hong Kong, Japan, and Brazil.
Edward Starkie, associate managing director of Cyber Risk at Kroll, said, “To navigate the current threat landscape, trust is imperative. There needs to be trust in teams, trust in technology, in intelligence sources, and in suppliers. However, there is a critical balance to be made on how much and where that trust should be placed.
The research reveals widespread mistrust across organisations, with 97% not possessing complete trust in all areas of their operations. Mistrust carries a hefty price tag, with 98% agreeing to the costs associated with it. Furthermore, the misplaced trust in employees to dodge cyberattacks is rated higher than the capability of security teams to identify and plug security gaps. Interestingly, only 23% of businesses have cybersecurity insurance cover, and the outsourcing of cybersecurity services is on the rise, with 51% planning to do so within the next year.
Jason Smolanoff, president of Cyber Risk at Kroll, said, “To move beyond unsafe assumptions about their cybersecurity and become fully cyber resilient, organizations need to keep up to date on evolving cyber threats, gain in-depth understanding of what their security tools can defend against and maximize tooling in response.
“Specialist support will provide the critical viewpoint needed to help businesses avoid internal security siloes and enhance their knowledge with constantly-updated threat insight.”
Keep up with all the latest RegTech news here
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst