Kroll’s organizational cybersecurity research highlights the problems firms confront as security incidents rise. Discover the gap between top security decision-makers’ confidence and cyber risks, as well as employee trust in prevention versus security methods.
In its most recent research, Kroll, an independent provider of global risk and financial advisory solutions, found that organizations faced an average of five significant security events in the past year alone. But how confident are businesses in their cybersecurity safeguards as these and other recent attacks claim high-profile victims?
Cyberattacks have dominated news stories in recent weeks, as some of the biggest and wealthiest organizations in the world have been targeted by numerous hacker groups. In the most recent MOVEit attack, which is still claiming victims, employee payroll data was stolen from the BBC, British Airways, Aer Lingus, and Ofcom.
Even companies like Microsoft have admitted that cyberattacks were to blame for the hiccups and outages that its office suite, including Outlook, experienced at the start of June. How confident can other organizations be in their safety when even the biggest names in technology are being exploited?
Despite these findings, 37% of senior security decision-makers still “completely” believe that their organization is secure and can successfully defend against any cyberattack, according to Kroll’s “2023 State of Cyber Defense Report: The False-Positive of Trust.” But given the current situation, is this confidence misplaced?
In general, employee trust in their ability to prevent cyberattacks (66%) is rated higher than the security team’s capacity to recognize and prioritize security gaps (63%), the accuracy of data alerts (59%), the efficiency of cybersecurity tools and technologies (56%), and the reliability of threat intelligence data (56%).
“There is no ‘one and done’ solution for an ever-changing landscape”
Businesses use an average of eight cybersecurity platforms, yet the survey shows that the more platforms they have installed, the more cybersecurity issues they have had on average.
This relationship between the availability of security tools and security events implies that relying solely on security technologies is unwise and that security teams may not fully comprehend the risks they must deal with. Additionally, just 24% of organizations have a managed detection and response (MDR) or managed security service provider (MSSP) solution in place, despite the widespread deployment of security solutions.
This demonstrates that having several security tools on a network does not ensure protection, and that organizations are more vulnerable to threats without a partner who regularly administers and upgrades the security monitoring systems, as an MDR provider would.
According to Edward Starkie, associate managing director of cyber risk at Kroll, “Trust is essential to navigating the present danger landscape. Trust must be placed in suppliers, teams, technology, and intelligence sources. On how much and in which areas that trust should be placed, though, there must be a careful balance struck.
“Furthermore, corporations don’t seem to understand the value of ongoing controlled response. Of course, this makes sense given the enormous amount of data that security teams must manage and the frequency of cyber attacks that affect businesses every day. Without understanding that there is no ‘one and done’ solution for an ever-changing landscape, security teams desire fixes for today’s issues.”
“Specialist support will offer the crucial perspective required”
Only 23% of companies have cyber insurance, and only 20% of IT and security experts claim their security operations are cyber-mature and covered by cyber insurance.
Outsourcing cybersecurity services is becoming more and more popular: of those that do not currently outsource their cybersecurity services, 98% have plans to do so or are contemplating them, with 51% planning to do so within the next 12 months. According to 89% of IT and security decision-makers, the transparency between their security teams and security providers has to be improved.
According to Jason Smolanoff, president of cyber risk at Kroll, “organizations need to stay current on evolving cyber threats, gain a thorough understanding of what their security tools can defend against, and maximize tooling in response to move beyond unsafe assumptions about their cybersecurity and become fully cyber resilient.
“Organisations can accomplish this by collaborating with a dependable outside partner to obtain an unbiased assessment of their security situation. Professional assistance will offer the crucial perspective required to assist companies in avoiding internal security silos and enhancing their knowledge with continuously updated threat information.”