XM Cyber, a company that offers hybrid cloud exposure management, released findings from its 2024 State of Security Posture Survey. The report is based on a survey of 300 CISOs and security decision-makers from large organizations in the U.S. and .U.K., and assesses how exposures are remediated, effort invested and motivations behind such attempts.
Observed trends included increasing commitment to remediation efforts. Eighty seven percent of organizations indicate plans to enhance vulnerability and exposure remediation efforts within the next year. This decision comes despite challenges, such as a shortage of skilled personnel and the burden on existing security teams. Additionally, 62 percent of IT and security teams are actively engaged in remediating exposures, handling an average of 12 per week. This indicates substantial yet insufficient effort given the thousands of CVEs, as well as the ever-growing number of exposures such as misconfigurations and credential issues that are increasingly exploited in attacks.
The survey also revealed increasing complexity and volume of cyber threats. Eighty two percent of companies report an expanding gap between the number of exposures and their ability to manage them. This widening gap reflects both the increasing volume and sophistication of cyber threats. Moreover, the struggle with outdated legacy systems, as reported by 90 percent of respondents, underscores the difficulty in aligning older systems with emerging threats, highlighting the need for a new approach.
Another prominent theme is the focus on cloud and integrated cybersecurity strategies. Roughly 45 percent of organizations identify the cloud as a primary area for enhancing security posture, indicating a shift towards cloud-centric security concerns. However, nearly half of the organizations surveyed manage exposures separately for on-premise and hybrid cloud environments. This suggests a growing need for integrated, holistic approaches, moving away from siloed strategies that leave gaps in defense mechanisms.
Challenges in communication and organizational alignment are also evident. Approximately 68 percent of companies emphasize the importance of effectively conveying security posture to leadership. The report also notes a discrepancy in processes at different organizational levels, with more senior roles reporting more formalized processes than do those on the operational frontlines, indicating a potential disconnect in understanding and addressing cybersecurity challenges.
Finally, the survey addressed centralized management and scalability. About half of respondents report using a single program to manage exposures, a trend more prevalent in smaller organizations. In contrast, larger companies often face challenges in implementing such centralized approaches, underlining the need for scalable, adaptable solutions catering to the diverse needs of organizations of different sizes.
The findings underscored the critical need for organizations to evolve their cybersecurity strategies. As threats become more sophisticated, the emphasis shifts from traditional threat management to a more comprehensive approach that encompasses cloud environments, identity management, and effective communication. The report highlights the urgency of adopting scalable and integrated solutions to address the complex cybersecurity landscape effectively.
“The data highlights two crucial gaps that need to be bridged: the expanding gap between exposures and remediations, and the communications gap between security operators and leadership,” said Boaz Gorodissky, CTO and Co-Founder of XM Cyber. “It’s a call to action for organizations to not only invest in advanced solutions but also to foster a culture of cybersecurity awareness and collaboration.”
The survey pulled samples from 300 full-time employees, including influential decision-makers such as CISOs, Directors, VP/Heads of Security and other senior cyber professionals responsible for purchasing decisions. Participants were strategically sourced from 210 organizations in the U.S. and 90 in the U.K., all with 2,500 employees or more. The survey, spanning the second half of 2023, was conducted in collaboration with Global Surveyz, an independent survey company.