Study: Most Businesses Fail to Understand Their Cyber Risks

Managed detection and response (MDR) provider Critical Start published a Cyber Risk Landscape Peer Report that explores major concerns and challenges confronting cybersecurity leaders as they manage risk within their organizations.

The report examines the amount of risk organizations are willing to accept, resource constraints and key priorities for approaching cyber risk in the future.

Study results reveal businesses struggle to understand their cyber risks, with 66 percent of respondents indicating they have limited visibility and insight into their cyber risk profiles, hindering their ability to prioritize investments and allocate resources effectively.

Amidst an environment of ever-evolving cyber threats, there is a strong need to advance how the industry approaches cyber protection for businesses, so that security leaders are better equipped during a period of staffing shortages and burnout.

This is evident as 67 percent of organizations experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place. Further, 61 percent of security executives expressed concerns over the current misalignment between cybersecurity investments and their organization’s risk reduction priorities.

Additional key findings of the study, conducted in partnership with research consultancy Censuswide, include:

  • The cybersecurity landscape and what cyber leaders need is changing – 83 percent of organizations agree a comprehensive cyber risk reduction strategy will yield a reduction in the likelihood of a significant cyber incident occurring.
  • Organizations are looking to be more proactive – 74 percent of organizations plan to prioritize proactive risk reduction strategies to stay ahead of the evolving threat landscape.
  • Cyber teams are seeking help – 93 percent of organizations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.
  • Organizations see a need for holistic cyber risk management solutions – 93 percent of organizations expressed the belief a holistic, evidence-based approach to cyber risk management will yield a reduction in the likelihood of a significant cyber incident occurring. This includes integrating risk assessment, protection, detection, response, and recovery into a cohesive strategy.

The publication of the Cyber Risk Landscape Peer Report comes on the heels of Critical Start’s introduction of managed cyber risk reduction (MCRR), a groundbreaking approach to security designed to reshape the way businesses combat cyber risks.

MCRR, the next evolution of MDR, provides a comprehensive managed solution to address risks, vulnerabilities and threats. It’s built to go beyond threat-based detection and response to support organizational security programs across the five functions of the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF): identify, protect, detect, respond and recover.

For more report findings and recommendations on how security leaders can evolve their strategies to include MCRR and align to industry-leading cybersecurity frameworks, download the full Cyber Risk Landscape Peer Report.