Today, Critical Start, a leading provider of Managed Detection and Response (MDR) cybersecurity solutions, unveiled its 2023 Cyber Risk Confidence Index, a report that analyzes the confidence levels IT security leaders have in their existing approach to reducing cyber risk, and how well their current strategies align to their organization’s risk appetite. Results of the study, conducted in partnership with research consultancy, Censuswide, revealed that 66%1 of cybersecurity leaders in the U.S. are not very confident in the effectiveness of their current strategies for evaluating and mitigating major cyber risks.
Experts predict the cost of cybercrime will hit $8 trillion in 2023 and grow to $10.5 trillion by 2025. Yet, 83% of IT security leaders say their company prioritizes the cost of security over the risk of a breach, according to Critical Start’s research. Additionally, 67% of organizations say they have been breached in the past two years, despite having traditional threat-based detect and respond security solutions in place. Further, 61%2 of respondents claim their organization’s cybersecurity investment and quantifiable risk reduction priorities are not fully aligned.
“Considering the multitude of daunting challenges cybersecurity leaders face today, ranging from sophisticated and ever-evolving threat environments to under-staffed security teams, the lack of confidence our research revealed may be alarming but is not entirely unexpected,” said Randy Watkins, Chief Technology Officer at Critical Start. “When we dive deeper into the data we gathered, a familiar story emerges of security professionals hungry for more resources and better alignment between their security investments and their organization’s appetite for risk.”
Additionally, the study also examined perceptions and attitudes security leaders have related to organizational challenges and priorities, resource constraints, and potential technology solutions to help alleviate many of their greatest pain points. Key findings in these areas include:
- Security challenges are in abundance. Critical Start’s report found that the increasing sophistication of an evolving threat landscape is the most frequent challenge cybersecurity leaders face. A similar level of concern is ascribed to the lack of resources at IT and cybersecurity leaders’ disposal (45%) and 38% of companies directly cite budgetary pressures as a problem.
- Cyber risk often falls on one person’s shoulders. While 90% of respondents say their organization has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.
- Lack of continuous risk assessment hinders cyber confidence. Only 49%3 of companies are running full and comprehensive cybersecurity assessments and risk evaluations more frequently than once every six months.
- Automation becomes a need-to-have: Around half (45%) of respondents view automation as the best solution to addressing cybersecurity challenges. In fact, 82% of respondents expect security vendors to leverage AI technology to enhance their cyber risk capabilities in the next 12 months.
Research for the Critical Start 2023 Cyber Risk Confidence Index was conducted by Censuswide, via a survey of 501 U.S.-based IT security decision makers at businesses ranging from 2,500-25,000 employees.