Trust issues rampant in cybersecurity, reveals Kroll’s 2023 report

Trust issues rampant in cybersecurity, reveals Kroll's 2023 report

Kroll, a pioneer in global risk and financial advisory services, has published its anticipated 2023 State of Cyber Defense Report, drawing attention to the pitfalls of excessive trust in cybersecurity provisions.

In a surprising reveal, the study found that a mere 37% of senior security decision-makers expressed absolute confidence in their organisation’s defense against cyberattacks. This is despite a yearly average of five major security breaches and the deployment of up to eight cybersecurity platforms.

The report, titled ‘The False-Positive of Trust’, signals an alarming correlation: a higher number of security tools being linked with an increased incidence of cybersecurity breaches. The reliance on multiple security platforms does not assure protection against cyber threats, highlighting a critical misunderstanding among security teams about the nature and scale of the threats faced. The report indicates that only 24% of firms utilise a managed detection and response (MDR) or a managed security service provider (MSSP) solution, thus raising their vulnerability.

Conducted by independent market research specialist, Vanson Bourne, the study involved 1,000 senior IT security decision-makers from firms with revenues spanning $50m to $10bn. Participants, responsible for or knowledgeable about their organisation’s cybersecurity, represented countries including the U.S., the UK, Ireland, Spain, Italy, Singapore, Hong Kong, Japan, and Brazil.

Edward Starkie, associate managing director of Cyber Risk at Kroll, said, “To navigate the current threat landscape, trust is imperative. There needs to be trust in teams, trust in technology, in intelligence sources, and in suppliers. However, there is a critical balance to be made on how much and where that trust should be placed.

“Further, businesses seem unaware of the importance of continued managed response. Of course, this is understandable considering the sheer volume of data that security teams deal with and the number of cyber incidents businesses tackle daily. Security teams want solutions that will fix today’s problems, without appreciating the fact that there is no ‘one and done’ solution for an everchanging landscape.”

The research reveals widespread mistrust across organisations, with 97% not possessing complete trust in all areas of their operations. Mistrust carries a hefty price tag, with 98% agreeing to the costs associated with it. Furthermore, the misplaced trust in employees to dodge cyberattacks is rated higher than the capability of security teams to identify and plug security gaps. Interestingly, only 23% of businesses have cybersecurity insurance cover, and the outsourcing of cybersecurity services is on the rise, with 51% planning to do so within the next year.

Jason Smolanoff, president of Cyber Risk at Kroll, said, “To move beyond unsafe assumptions about their cybersecurity and become fully cyber resilient, organizations need to keep up to date on evolving cyber threats, gain in-depth understanding of what their security tools can defend against and maximize tooling in response.

“Specialist support will provide the critical viewpoint needed to help businesses avoid internal security siloes and enhance their knowledge with constantly-updated threat insight.”

Keep up with all the latest RegTech news here

Copyright © 2023 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.