A recent examination conducted by Kroll explored the degree of confidence in an organization’s capability to thwart cyberattacks. The study’s results unveiled that merely 37% of individuals in senior security decision-making positions hold absolute confidence in their organization’s defense mechanisms against all cyber invasions, notwithstanding that these organizations had experienced around five substantial security incidents within the previous year.

The examination unveiled a link between the quantity of security tools and the frequency of security incidents, suggesting an unwise reliance solely on security tools. This indicates a potential lack of understanding among security teams regarding the true nature of the threats they are combating. Despite the extensive use of security tools, it was found that just 24% utilize managed detection and response (MDR) or managed security service provider (MSSP) solutions.

Key global findings encompassed:

• Information security decision-makers accounted for over a third (42%), pointing towards a trust deficit as their biggest hurdle. A massive 95% amongst them did not feel that their superior leadership had faith in their security teams’ ability to shield their organizations from threats.
• Faith in employees’ capacity to fend off a cyberattack (66%) was rated higher than the security team’s competency in identifying and prioritizing security gaps (63%), the precision of data alerts (59%), the efficacy of cybersecurity tools and technologies (56%), and the accuracy of threat intelligence data (56%).
• Organizations that utilize a larger average number of platforms experienced a greater number of cybersecurity incidents. The correlation between the quantity of incidents and the 24% who have MDR emphasizes that the significance lies in possessing the appropriate tools, rather than the number of tools, for optimal cyber protection.
• Loss of trust was predominantly attributed to a communication shortfall, as claimed by 47% of information security decision-makers. Nearly all (97%) disclosed that they lack full trust in all sectors of their organization.
• A vast majority (98%) concurred that a trust deficit in the workplace incurred costs, with the primary perceived repercussion (37%) globally being increased complexity.
• Cybersecurity insurance was a feature of 23% of businesses. A fifth of IT and security professionals who claimed their security operations were cyber mature were found to possess cyber insurance.
• Nearly all (98%) who have not yet outsourced their cybersecurity services either already have plans or are contemplating such a move, with 51% intending to do so within the coming 12 months. Nonetheless, there was a call for more transparency between security teams and security vendors by 89% of IT and security decision-makers.